User’s Guide
Default Login Details
Version 4.33 Edition 1, 01/2019
LAN Port IP Address |
https://192.168.1.1 |
|
|
|
|
|
|
|
|||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|||||||||||
User Name |
|
|
admin |
|
|
|
|
|
|
||||||||||||
|
|
|
|
|
|
|
|
|
|||||||||||||
Password |
1234 |
|
|
|
|
|
|
|
|||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Copyright © 2019 Zyxel Communications Corporation
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in product features or web configurator brand style. Every effort has been made to ensure that the information in this manual is accurate.
The version number on the cover page refers to the latest firmware version supported by the Zyxel Device.
Related Documentation
•Quick Start Guide
The Quick Start Guide shows how to connect the Zyxel Device and access the Web Configurator wizards. (See the wizard real time help for information on configuring each screen.) It also contains a connection diagram and package contents list.
•CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the Zyxel Device.
Note: It is recommended you use the Web Configurator to configure the Zyxel Device.
•Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and supplementary information.
•More Information
Go to support.zyxel.com to find other information on Zyxel Device.
ZyWALL ATP Series User’s Guide
2
Warnings and Notes
These are how warnings and notes are shown in this guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
•All models in this series may be referred to as the “Zyxel Device” in this guide.
•Product labels, screen names, field labels and field choices are all in bold font.
•A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Configuration > Network > Interface > Ethernet means you first click Configuration in the navigation panel, then Network, then the Interface sub menu and finally the Ethernet tab to get to that screen.
Icons Used in Figures
Figures in this user guide may use the following generic icons. The Zyxel Device icon is not an exact representation of your device.
Zyxel Device |
Generic Router |
Wireless Router / Access Point |
|
|
|
Switch |
Firewall |
Server |
|
|
|
Internet |
Network Cloud |
Smartphone |
|
|
|
USB Dongle |
|
|
|
|
|
ZyWALL ATP Series User’s Guide
3
|
Contents Overview |
|
Contents Overview |
Introduction ........................................................................................................................................... |
24 |
Initial Setup Wizard ............................................................................................................................... |
46 |
Hardware, Interfaces and Zones ........................................................................................................ |
63 |
Quick Setup Wizards ............................................................................................................................. |
70 |
Dashboard .......................................................................................................................................... |
104 |
Monitor ................................................................................................................................................. |
114 |
Licensing .............................................................................................................................................. |
179 |
Wireless ................................................................................................................................................. |
185 |
Interfaces ............................................................................................................................................. |
206 |
Routing ................................................................................................................................................. |
300 |
DDNS ................................................................................................................................................... |
327 |
NAT ....................................................................................................................................................... |
333 |
Redirect Service .................................................................................................................................. |
341 |
ALG ....................................................................................................................................................... |
347 |
UPnP ..................................................................................................................................................... |
354 |
IP/MAC Binding ................................................................................................................................... |
363 |
Layer 2 Isolation .................................................................................................................................. |
368 |
DNS Inbound LB .................................................................................................................................. |
372 |
IPnP ....................................................................................................................................................... |
378 |
IPSec VPN ............................................................................................................................................ |
380 |
SSL VPN ................................................................................................................................................ |
416 |
L2TP VPN .............................................................................................................................................. |
422 |
BWM (Bandwidth Management) .................................................................................................. |
427 |
Web Authentication .......................................................................................................................... |
442 |
Security Policy ..................................................................................................................................... |
471 |
Application Patrol ............................................................................................................................... |
497 |
Content Filter ....................................................................................................................................... |
506 |
Anti-Malware ....................................................................................................................................... |
525 |
Botnet Filter .......................................................................................................................................... |
537 |
IDP ........................................................................................................................................................ |
541 |
Sandboxing ......................................................................................................................................... |
558 |
Email Security ...................................................................................................................................... |
560 |
SSL Inspection ...................................................................................................................................... |
571 |
Object .................................................................................................................................................. |
583 |
Device HA ........................................................................................................................................... |
679 |
Cloud CNM ........................................................................................................................................ |
686 |
System .................................................................................................................................................. |
693 |
Log and Report ................................................................................................................................... |
753 |
File Manager ....................................................................................................................................... |
766 |
ZyWALL ATP Series User’s Guide |
4
|
Contents Overview |
Diagnostics ......................................................................................................................................... |
781 |
Packet Flow Explore .......................................................................................................................... |
798 |
Shutdown ............................................................................................................................................. |
805 |
Troubleshooting .................................................................................................................................. |
806 |
ZyWALL ATP Series User’s Guide
5
Table of Contents |
|
Table of Contents |
|
Document Conventions ...................................................................................................................... |
3 |
Contents Overview ............................................................................................................................. |
4 |
Table of Contents ................................................................................................................................. |
6 |
Part I: User’s Guide.......................................................................................... |
23 |
Chapter 1 |
|
Introduction ........................................................................................................................................ |
24 |
1.1 Overview ......................................................................................................................................... |
24 |
1.2 Registration at myZyxel .................................................................................................................. |
24 |
1.2.1 Grace Period ......................................................................................................................... |
25 |
1.2.2 Applications ........................................................................................................................... |
25 |
1.3 Management Overview ................................................................................................................ |
28 |
1.4 Web Configurator ........................................................................................................................... |
29 |
1.4.1 Web Configurator Access .................................................................................................... |
29 |
1.4.2 Web Configurator Screens Overview ................................................................................. |
32 |
1.4.3 Navigation Panel .................................................................................................................. |
35 |
1.4.4 Tables and Lists ...................................................................................................................... |
42 |
Chapter 2 |
|
Initial Setup Wizard............................................................................................................................. |
46 |
2.1 Initial Setup Wizard Screens .......................................................................................................... |
46 |
2.1.1 Internet Access Setup - WAN Interface ............................................................................. |
46 |
2.1.2 Internet Access: Ethernet .................................................................................................... |
47 |
2.1.3 Internet Access: PPPoE ......................................................................................................... |
48 |
2.1.4 Internet Access: PPTP ........................................................................................................... |
50 |
2.1.5 Internet Access: L2TP ............................................................................................................ |
52 |
2.1.6 Internet Access Setup - Second WAN Interface ............................................................... |
54 |
2.1.7 Internet Access: Congratulations ....................................................................................... |
55 |
2.1.8 Date and Time Settings ........................................................................................................ |
56 |
2.1.9 Register Device ..................................................................................................................... |
56 |
2.1.10 Activate Service .................................................................................................................. |
58 |
2.1.11 Service Settings .................................................................................................................... |
59 |
2.1.12 Wireless Settings: AP Controller ......................................................................................... |
60 |
2.1.13 Wireless Settings: SSID & Security ...................................................................................... |
61 |
2.1.14 Remote Management ...................................................................................................... |
61 |
ZyWALL ATP Series User’s Guide |
|
6
Table of Contents |
|
Chapter 3 |
|
Hardware, Interfaces and Zones ...................................................................................................... |
63 |
3.1 Hardware Overview ....................................................................................................................... |
63 |
3.1.1 Front Panels ............................................................................................................................ |
63 |
3.1.2 Rear Panels ............................................................................................................................ |
65 |
3.2 Mounting ......................................................................................................................................... |
66 |
3.2.1 Rack-mounting ...................................................................................................................... |
66 |
3.2.2 Wall-mounting ....................................................................................................................... |
67 |
3.3 Default Zones, Interfaces, and Ports ............................................................................................ |
68 |
3.4 Stopping the Zyxel Device ............................................................................................................ |
69 |
Chapter 4 |
|
Quick Setup Wizards.......................................................................................................................... |
70 |
4.1 Quick Setup Overview ................................................................................................................... |
70 |
4.2 WAN Interface Quick Setup .......................................................................................................... |
71 |
4.2.1 Choose an Ethernet Interface ............................................................................................. |
71 |
4.2.2 Select WAN Type ................................................................................................................... |
72 |
4.2.3 Configure WAN IP Settings ................................................................................................... |
72 |
4.2.4 ISP and WAN and ISP Connection Settings ........................................................................ |
73 |
4.2.5 Quick Setup Interface Wizard: Summary ........................................................................... |
76 |
4.3 VPN Setup Wizard ........................................................................................................................... |
77 |
4.3.1 Welcome ................................................................................................................................ |
77 |
4.3.2 VPN Setup Wizard: Wizard Type .......................................................................................... |
78 |
4.3.3 VPN Express Wizard - Scenario ............................................................................................ |
79 |
4.3.4 VPN Express Wizard - Configuration ................................................................................... |
80 |
4.3.5 VPN Express Wizard - Summary ........................................................................................... |
80 |
4.3.6 VPN Express Wizard - Finish .................................................................................................. |
81 |
4.3.7 VPN Advanced Wizard - Scenario ..................................................................................... |
82 |
4.3.8 VPN Advanced Wizard - Phase 1 Settings ........................................................................ |
83 |
4.3.9 VPN Advanced Wizard - Phase 2 ....................................................................................... |
85 |
4.3.10 VPN Advanced Wizard - Summary .................................................................................. |
86 |
4.3.11 VPN Advanced Wizard - Finish ......................................................................................... |
88 |
4.4 VPN Settings for Configuration Provisioning Wizard: Wizard Type ............................................. |
89 |
4.4.1 Configuration Provisioning Express Wizard - VPN Settings ............................................... |
89 |
4.4.2 Configuration Provisioning VPN Express Wizard - Configuration .................................... |
90 |
4.4.3 VPN Settings for Configuration Provisioning Express Wizard - Summary ........................ |
91 |
4.4.4 VPN Settings for Configuration Provisioning Express Wizard - Finish ................................ |
92 |
4.4.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario ................... |
93 |
4.4.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings ...... |
94 |
4.4.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 .................... |
96 |
4.4.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary .................. |
96 |
4.4.9 VPN Settings for Configuration Provisioning Advanced WizardFinish .......................... |
99 |
4.5 VPN Settings for L2TP VPN Settings Wizard ................................................................................... |
99 |
ZyWALL ATP Series User’s Guide |
|
7
|
Table of Contents |
|
|
4.5.1 L2TP VPN Settings ................................................................................................................ |
100 |
|
4.5.2 L2TP VPN Settings ................................................................................................................ |
101 |
|
4.5.3 VPN Settings for L2TP VPN Setting Wizard - Summary .................................................... |
101 |
|
4.5.4 VPN Settings for L2TP VPN Setting Wizard Completed ................................................... |
103 |
Chapter 5 |
|
|
Dashboard........................................................................................................................................ |
104 |
|
5.1 |
Overview ....................................................................................................................................... |
104 |
|
5.1.1 What You Can Do in this Chapter ..................................................................................... |
104 |
5.2 |
The General Screen ..................................................................................................................... |
104 |
|
5.2.1 Device Information Screen ................................................................................................ |
106 |
|
5.2.2 System Status Screen .......................................................................................................... |
107 |
|
5.2.3 Tx/Rx Statistics ...................................................................................................................... |
107 |
|
5.2.4 The Latest Logs Screen ....................................................................................................... |
108 |
|
5.2.5 System Resources Screen ................................................................................................... |
108 |
|
5.2.6 DHCP Table Screen ............................................................................................................. |
109 |
|
5.2.7 Number of Login Users Screen ........................................................................................... |
110 |
|
5.2.8 Current Login User ............................................................................................................... |
111 |
|
5.2.9 VPN Status ............................................................................................................................ |
111 |
|
5.2.10 SSL VPN Status .................................................................................................................... |
111 |
5.3 |
The Advanced Threat Protection Screen .................................................................................. |
112 |
Part II: Technical Reference......................................................................... |
113 |
|
Chapter 6 |
|
|
Monitor.............................................................................................................................................. |
|
114 |
6.1 |
Overview ....................................................................................................................................... |
114 |
|
6.1.1 What You Can Do in this Chapter ..................................................................................... |
114 |
6.2 |
The Port Statistics Screen ............................................................................................................ |
116 |
|
6.2.1 The Port Statistics Graph Screen ....................................................................................... |
117 |
6.3 |
Interface Status Screen ................................................................................................................ |
118 |
6.4 |
The Traffic Statistics Screen .......................................................................................................... |
121 |
6.5 |
The Session Monitor Screen ........................................................................................................ |
124 |
6.6 |
The Login Users Screen ................................................................................................................ |
126 |
6.7 |
IGMP Statistics ............................................................................................................................... |
127 |
6.8 |
The DDNS Status Screen ............................................................................................................... |
128 |
6.9 |
IP/MAC Binding ............................................................................................................................. |
128 |
6.10 Cellular Status Screen ................................................................................................................ |
129 |
|
|
6.10.1 More Information .............................................................................................................. |
132 |
6.11 The UPnP Port Status Screen ..................................................................................................... |
133 |
|
6.12 USB Storage Screen .................................................................................................................... |
134 |
|
|
ZyWALL ATP Series User’s Guide |
|
8
|
Table of Contents |
|
6.13 |
Ethernet Neighbor Screen ........................................................................................................ |
135 |
6.14 FQDN Object Screen ................................................................................................................ |
136 |
|
6.15 |
AP Information: AP List ............................................................................................................... |
138 |
6.15.1 AP List: More Information ................................................................................................ |
140 |
|
6.15.2 AP List: Config AP ............................................................................................................. |
143 |
|
6.16 |
AP Information: Radio List .......................................................................................................... |
145 |
6.16.1 Radio List: More Information ............................................................................................ |
147 |
|
6.17 |
AP Information: Top N APs ........................................................................................................ |
148 |
6.18 |
AP Information: Single AP .......................................................................................................... |
150 |
6.19 |
ZyMesh ......................................................................................................................................... |
151 |
6.20 |
SSID Info ....................................................................................................................................... |
152 |
6.21 |
Station Info: Station List .............................................................................................................. |
152 |
6.22 |
Station Info: Top N Stations ........................................................................................................ |
153 |
6.23 |
Station Info: Single Station ......................................................................................................... |
154 |
6.24 Detected Device ....................................................................................................................... |
155 |
|
6.25 |
The IPSec Screen ........................................................................................................................ |
156 |
6.26 |
The SSL Screen ............................................................................................................................. |
158 |
6.27 |
The L2TP over IPSec Screen ....................................................................................................... |
158 |
6.28 |
The Content Filter Screen .......................................................................................................... |
159 |
6.29 |
The App Patrol Screen ............................................................................................................... |
161 |
6.30 |
The Anti-Malware Screen .......................................................................................................... |
162 |
6.31 |
The IDP Screen ............................................................................................................................ |
164 |
6.32 |
The Email Security Screens ......................................................................................................... |
166 |
6.32.1 Email Security Summary ................................................................................................... |
166 |
|
6.32.2 The Email Security Status Screen ..................................................................................... |
168 |
|
6.33 |
The Botnet Filter Screen .............................................................................................................. |
170 |
6.34 |
The Sandboxing Screen ............................................................................................................. |
171 |
6.35 |
The SSL Inspection Screens ........................................................................................................ |
172 |
6.35.1 Certificate Cache List ....................................................................................................... |
173 |
|
6.36 |
Log Screens ................................................................................................................................. |
174 |
6.36.1 View Log ............................................................................................................................ |
174 |
|
6.36.2 View AP Log ....................................................................................................................... |
176 |
|
Chapter 7 |
|
|
Licensing........................................................................................................................................... |
|
179 |
7.1 Registration Overview .................................................................................................................. |
179 |
|
7.1.1 What you Need to Know .................................................................................................... |
179 |
|
7.1.2 Registration Screen ............................................................................................................. |
180 |
|
7.1.3 Service Screen ..................................................................................................................... |
180 |
|
7.2 Signature Update ......................................................................................................................... |
182 |
|
7.2.1 What you Need to Know .................................................................................................... |
182 |
|
7.2.2 The Signature Screen .......................................................................................................... |
183 |
|
7.2.3 Auto Update ........................................................................................................................ |
183 |
|
|
ZyWALL ATP Series User’s Guide |
|
9
|
Table of Contents |
|
Chapter 8 |
|
|
Wireless ............................................................................................................................................. |
|
185 |
8.1 |
Overview ....................................................................................................................................... |
185 |
|
8.1.1 What You Can Do in this Chapter ..................................................................................... |
185 |
8.2 |
Controller Screen ......................................................................................................................... |
185 |
8.3 AP Management Screens ........................................................................................................... |
186 |
|
|
8.3.1 Mgnt. AP List ....................................................................................................................... |
186 |
|
8.3.2 AP Policy .............................................................................................................................. |
190 |
|
8.3.3 AP Group ............................................................................................................................. |
191 |
|
8.3.4 Firmware ............................................................................................................................... |
197 |
8.4 MON Mode ................................................................................................................................... |
198 |
|
|
8.4.1 Add/Edit Rogue/Friendly List .............................................................................................. |
200 |
8.5 |
Auto Healing ................................................................................................................................. |
201 |
8.6 |
RTLS Overview ............................................................................................................................... |
201 |
|
8.6.1 What You Can Do in this Chapter ..................................................................................... |
202 |
|
8.6.2 Before You Begin ................................................................................................................. |
202 |
|
8.6.3 Configuring RTLS .................................................................................................................. |
203 |
8.7 |
Technical Reference .................................................................................................................... |
204 |
|
8.7.1 Dynamic Channel Selection .............................................................................................. |
204 |
|
8.7.2 Load Balancing ................................................................................................................... |
205 |
Chapter 9 |
|
|
Interfaces |
.......................................................................................................................................... |
206 |
9.1 |
Interface Overview ...................................................................................................................... |
206 |
|
9.1.1 What You Can Do in this Chapter ..................................................................................... |
206 |
|
9.1.2 What You Need to Know ................................................................................................... |
206 |
|
9.1.3 What You Need to Do First ................................................................................................. |
211 |
9.2 |
Port Role ......................................................................................................................................... |
211 |
9.3 |
Ethernet Summary Screen ........................................................................................................... |
212 |
|
9.3.1 Ethernet Edit ........................................................................................................................ |
214 |
|
9.3.2 Proxy ARP ............................................................................................................................. |
229 |
|
9.3.3 Virtual Interfaces ................................................................................................................ |
230 |
|
9.3.4 References ........................................................................................................................... |
231 |
|
9.3.5 Add/Edit DHCPv6 Request/Release Options ................................................................... |
232 |
|
9.3.6 Add/Edit DHCP Extended Options ................................................................................... |
233 |
9.4 |
PPP Interfaces ............................................................................................................................... |
234 |
|
9.4.1 PPP Interface Summary ...................................................................................................... |
235 |
|
9.4.2 PPP Interface Add or Edit .................................................................................................. |
236 |
9.5 |
Cellular Configuration Screen ..................................................................................................... |
241 |
|
9.5.1 Cellular Choose Slot ........................................................................................................... |
244 |
|
9.5.2 Add / Edit Cellular Configuration ...................................................................................... |
244 |
9.6 |
Tunnel Interfaces .......................................................................................................................... |
250 |
|
9.6.1 Configuring a Tunnel .......................................................................................................... |
252 |
|
ZyWALL ATP Series User’s Guide |
|
10
|
Table of Contents |
|
9.6.2 Tunnel Add or Edit Screen .................................................................................................. |
253 |
|
9.7 VLAN Interfaces ........................................................................................................................... |
257 |
|
9.7.1 VLAN Summary Screen ....................................................................................................... |
258 |
|
9.7.2 VLAN Add/Edit ................................................................................................................... |
259 |
|
9.8 Bridge Interfaces .......................................................................................................................... |
270 |
|
9.8.1 Bridge Summary .................................................................................................................. |
272 |
|
9.8.2 Bridge Add/Edit .................................................................................................................. |
273 |
|
9.9 VTI ................................................................................................................................................... |
283 |
|
9.9.1 Restrictions for IPSec Virtual Tunnel Interface .................................................................. |
284 |
|
9.9.2 VTI Screen ............................................................................................................................ |
284 |
|
9.9.3 VTI Add/Edit ......................................................................................................................... |
285 |
|
9.10 |
Trunk Overview ........................................................................................................................... |
288 |
9.10.1 What You Need to Know ................................................................................................. |
288 |
|
9.11 The Trunk Summary Screen ........................................................................................................ |
291 |
|
9.11.1 Configuring a User-Defined Trunk ................................................................................... |
292 |
|
9.11.2 Configuring the System Default Trunk ............................................................................ |
294 |
|
9.12 |
Interface Technical Reference ................................................................................................. |
296 |
Chapter 10 |
|
|
Routing .............................................................................................................................................. |
|
300 |
10.1 |
Policy and Static Routes Overview ........................................................................................... |
300 |
10.1.1 What You Can Do in this Chapter ................................................................................... |
300 |
|
10.1.2 What You Need to Know ................................................................................................ |
301 |
|
10.2 |
Policy Route Screen ................................................................................................................... |
302 |
10.2.1 Policy Route Edit Screen .................................................................................................. |
304 |
|
10.3 |
IP Static Route Screen ................................................................................................................ |
309 |
10.3.1 Static Route Add/Edit Screen .......................................................................................... |
309 |
|
10.4 |
Policy Routing Technical Reference ........................................................................................ |
311 |
10.5 |
Routing Protocols Overview ..................................................................................................... |
311 |
10.5.1 What You Need to Know ................................................................................................. |
312 |
|
10.6 |
The RIP Screen ............................................................................................................................. |
312 |
10.7 The OSPF Screen ......................................................................................................................... |
314 |
|
10.7.1 Configuring the OSPF Screen .......................................................................................... |
317 |
|
10.7.2 OSPF Area Add/Edit Screen ........................................................................................... |
318 |
|
10.7.3 Virtual Link Add/Edit Screen ........................................................................................... |
320 |
|
10.8 |
BGP (Border Gateway Protocol) .............................................................................................. |
321 |
10.8.1 Allow BGP Packets to Enter the Zyxel Device ................................................................ |
322 |
|
10.8.2 Configuring the BGP Screen ............................................................................................ |
322 |
|
10.8.3 The BGP Neighbors Screen .............................................................................................. |
324 |
|
10.8.4 Example Scenario ............................................................................................................. |
325 |
|
Chapter 11 |
|
|
DDNS ................................................................................................................................................ |
|
327 |
|
ZyWALL ATP Series User’s Guide |
|
11
Table of Contents |
|
11.1 DDNS Overview ........................................................................................................................... |
327 |
11.1.1 What You Can Do in this Chapter ................................................................................... |
327 |
11.1.2 What You Need to Know ................................................................................................. |
327 |
11.2 The DDNS Screen ........................................................................................................................ |
328 |
11.2.1 The Dynamic DNS Add/Edit Screen ................................................................................ |
329 |
Chapter 12 |
|
NAT .................................................................................................................................................... |
333 |
12.1 NAT Overview ............................................................................................................................. |
333 |
12.1.1 What You Can Do in this Chapter ................................................................................... |
333 |
12.1.2 What You Need to Know ................................................................................................. |
333 |
12.2 The NAT Screen ........................................................................................................................... |
334 |
12.2.1 The NAT Add/Edit Screen ................................................................................................. |
336 |
12.3 NAT Technical Reference .......................................................................................................... |
339 |
Chapter 13 |
|
Redirect Service............................................................................................................................... |
341 |
13.1 Overview ..................................................................................................................................... |
341 |
13.1.1 HTTP Redirect ..................................................................................................................... |
341 |
13.1.2 SMTP Redirect .................................................................................................................... |
341 |
13.1.3 What You Can Do in this Chapter ................................................................................... |
342 |
13.1.4 What You Need to Know ................................................................................................. |
342 |
13.2 The Redirect Service Screen ..................................................................................................... |
344 |
13.2.1 The Redirect Service Edit Screen ..................................................................................... |
345 |
Chapter 14 |
|
ALG.................................................................................................................................................... |
347 |
14.1 ALG Overview ............................................................................................................................. |
347 |
14.1.1 What You Need to Know ................................................................................................. |
347 |
14.1.2 Before You Begin ............................................................................................................... |
350 |
14.2 The ALG Screen .......................................................................................................................... |
350 |
14.3 ALG Technical Reference ......................................................................................................... |
352 |
Chapter 15 |
|
UPnP................................................................................................................................................... |
354 |
15.1 UPnP and NAT-PMP Overview ................................................................................................... |
354 |
15.2 What You Need to Know ........................................................................................................... |
354 |
15.2.1 NAT Traversal ..................................................................................................................... |
354 |
15.2.2 Cautions with UPnP and NAT-PMP .................................................................................. |
355 |
15.3 UPnP Screen ................................................................................................................................ |
355 |
15.4 Technical Reference .................................................................................................................. |
356 |
15.4.1 Turning on UPnP in Windows 7 Example ......................................................................... |
356 |
15.4.2 Web Configurator Easy Access ....................................................................................... |
360 |
ZyWALL ATP Series User’s Guide |
|
12
Table of Contents |
|
Chapter 16 |
|
IP/MAC Binding................................................................................................................................ |
363 |
16.1 IP/MAC Binding Overview ......................................................................................................... |
363 |
16.1.1 What You Can Do in this Chapter ................................................................................... |
363 |
16.1.2 What You Need to Know ................................................................................................. |
363 |
16.2 IP/MAC Binding Summary ......................................................................................................... |
364 |
16.2.1 IP/MAC Binding Edit .......................................................................................................... |
365 |
16.2.2 Static DHCP Edit ................................................................................................................ |
366 |
16.3 IP/MAC Binding Exempt List ....................................................................................................... |
367 |
Chapter 17 |
|
Layer 2 Isolation ............................................................................................................................... |
368 |
17.1 Overview ..................................................................................................................................... |
368 |
17.1.1 What You Can Do in this Chapter ................................................................................... |
368 |
17.2 Layer-2 Isolation General Screen ............................................................................................. |
368 |
17.3 White List Screen ......................................................................................................................... |
369 |
17.3.1 Add/Edit White List Rule ................................................................................................... |
370 |
Chapter 18 |
|
DNS Inbound LB................................................................................................................................ |
372 |
18.1 DNS Inbound Load Balancing Overview ................................................................................. |
372 |
18.1.1 What You Can Do in this Chapter ................................................................................... |
372 |
18.2 The DNS Inbound LB Screen ...................................................................................................... |
373 |
18.2.1 The DNS Inbound LB Add/Edit Screen ............................................................................ |
374 |
18.2.2 The DNS Inbound LB Add/Edit Member Screen ............................................................ |
376 |
Chapter 19 |
|
IPnP.................................................................................................................................................... |
378 |
19.1 IPnP Overview ............................................................................................................................ |
378 |
19.1.1 What You Can Do in this Chapter ................................................................................... |
378 |
19.2 IPnP Screen .................................................................................................................................. |
379 |
Chapter 20 |
|
IPSec VPN ......................................................................................................................................... |
380 |
20.1 Virtual Private Networks (VPN) Overview ................................................................................. |
380 |
20.1.1 What You Can Do in this Chapter ................................................................................... |
382 |
20.1.2 What You Need to Know ................................................................................................. |
382 |
20.1.3 Before You Begin ............................................................................................................... |
385 |
20.2 The VPN Connection Screen ..................................................................................................... |
385 |
20.2.1 The VPN Connection Add/Edit Screen .......................................................................... |
387 |
20.3 The VPN Gateway Screen ......................................................................................................... |
394 |
20.3.1 The VPN Gateway Add/Edit Screen ............................................................................... |
395 |
20.4 VPN Concentrator ..................................................................................................................... |
402 |
ZyWALL ATP Series User’s Guide |
|
13
|
Table of Contents |
|
20.4.1 VPN Concentrator Requirements and Suggestions ...................................................... |
402 |
|
20.4.2 VPN Concentrator Screen ............................................................................................... |
403 |
|
20.4.3 The VPN Concentrator Add/Edit Screen ........................................................................ |
403 |
|
20.5 |
Zyxel Device IPSec VPN Client Configuration Provisioning .................................................... |
404 |
20.6 |
IPSec VPN Background Information ......................................................................................... |
406 |
Chapter 21 |
|
|
SSL VPN.............................................................................................................................................. |
|
416 |
21.1 |
Overview ..................................................................................................................................... |
416 |
21.1.1 What You Can Do in this Chapter ................................................................................... |
416 |
|
21.1.2 What You Need to Know ................................................................................................. |
416 |
|
21.2 |
The SSL Access Privilege Screen ................................................................................................ |
417 |
21.2.1 The SSL Access Privilege Policy Add/Edit Screen ......................................................... |
418 |
|
21.3 |
The SSL Global Setting Screen ................................................................................................... |
420 |
Chapter 22 |
|
|
L2TP VPN............................................................................................................................................ |
|
422 |
22.1 |
Overview ..................................................................................................................................... |
422 |
22.1.1 What You Can Do in this Chapter ................................................................................... |
422 |
|
22.1.2 What You Need to Know ................................................................................................. |
422 |
|
22.2 |
L2TP VPN Screen ......................................................................................................................... |
423 |
22.2.1 Example: L2TP and Zyxel Device Behind a NAT Router ................................................ |
425 |
|
Chapter 23 |
|
|
BWM (Bandwidth Management) ................................................................................................. |
427 |
|
23.1 |
Overview ..................................................................................................................................... |
427 |
23.1.1 What You Can Do in this Chapter ................................................................................... |
427 |
|
23.1.2 What You Need to Know ................................................................................................ |
427 |
|
23.2 The Bandwidth Management Configuration .......................................................................... |
431 |
|
23.2.1 The Bandwidth Management Add/Edit Screen ............................................................ |
434 |
|
Chapter 24 |
|
|
Web Authentication ........................................................................................................................ |
442 |
|
24.1 Web Auth Overview ................................................................................................................... |
442 |
|
24.1.1 What You Can Do in this Chapter ................................................................................... |
442 |
|
24.1.2 What You Need to Know ................................................................................................. |
443 |
|
24.2 |
Web Authentication General Screen ...................................................................................... |
443 |
24.2.1 User-aware Access Control Example ............................................................................. |
448 |
|
24.2.2 Authentication Type Screen ............................................................................................ |
454 |
|
24.2.3 Custom Web Portal / User Agreement File Screen ....................................................... |
458 |
|
24.3 SSO Overview .............................................................................................................................. |
459 |
|
24.4 |
SSO - Zyxel Device Configuration ............................................................................................. |
461 |
24.4.1 Configuration Overview ................................................................................................... |
461 |
|
|
ZyWALL ATP Series User’s Guide |
|
14
|
Table of Contents |
|
24.4.2 Configure the Zyxel Device to Communicate with SSO .............................................. |
461 |
|
24.4.3 Enable Web Authentication ............................................................................................ |
462 |
|
24.4.4 Create a Security Policy ................................................................................................... |
464 |
|
24.4.5 Configure User Information .............................................................................................. |
465 |
|
24.4.6 Configure an Authentication Method ........................................................................... |
466 |
|
24.4.7 Configure Active Directory .............................................................................................. |
467 |
|
24.5 |
SSO Agent Configuration .......................................................................................................... |
468 |
Chapter 25 |
|
|
Security Policy.................................................................................................................................. |
471 |
|
25.1 |
Overview ..................................................................................................................................... |
471 |
25.2 |
One Security ................................................................................................................................ |
472 |
25.3 What You Can Do in this Chapter ............................................................................................ |
475 |
|
25.3.1 What You Need to Know ................................................................................................. |
475 |
|
25.4 |
The Security Policy Screen ......................................................................................................... |
477 |
25.4.1 Configuring the Security Policy Control Screen ............................................................ |
478 |
|
25.4.2 The Security Policy Control Add/Edit Screen ................................................................. |
482 |
|
25.5 Anomaly Detection and Prevention Overview ...................................................................... |
483 |
|
25.5.1 The Anomaly Detection and Prevention General Screen ........................................... |
484 |
|
25.5.2 Creating New ADP Profiles .............................................................................................. |
485 |
|
25.5.3 Traffic Anomaly Profiles ................................................................................................... |
486 |
|
25.5.4 Protocol Anomaly Profiles ................................................................................................ |
489 |
|
25.6 |
The Session Control Screen ........................................................................................................ |
492 |
25.6.1 The Session Control Add/Edit Screen .............................................................................. |
493 |
|
25.7 |
Security Policy Example Applications ...................................................................................... |
494 |
Chapter 26 |
|
|
Application Patrol ............................................................................................................................ |
497 |
|
26.1 |
Overview ..................................................................................................................................... |
497 |
26.1.1 What You Can Do in this Chapter ................................................................................... |
497 |
|
26.1.2 What You Need to Know ................................................................................................ |
497 |
|
26.2 |
Application Patrol Profile ........................................................................................................... |
498 |
26.2.1 Apply to a Security Policy ................................................................................................ |
499 |
|
26.2.2 The Application Patrol Profile Add/Edit Screen - My Application ............................... |
502 |
|
26.2.3 The Application Patrol Profile Add/Edit Screen - Query Result .................................... |
503 |
|
Chapter 27 |
|
|
Content Filter .................................................................................................................................... |
506 |
|
27.1 |
Overview ..................................................................................................................................... |
506 |
27.1.1 What You Can Do in this Chapter ................................................................................... |
506 |
|
27.1.2 What You Need to Know ................................................................................................. |
506 |
|
27.1.3 Before You Begin ............................................................................................................... |
508 |
|
27.2 |
Content Filter Profile Screen ...................................................................................................... |
508 |
|
ZyWALL ATP Series User’s Guide |
|
15
|
Table of Contents |
|
27.2.1 Apply to a Security Policy ................................................................................................ |
509 |
|
27.2.2 Content Filter Add Profile Category Service .................................................................. |
512 |
|
27.2.3 Content Filter Add Filter Profile Custom Service ........................................................... |
518 |
|
27.3 |
Content Filter Trusted Web Sites Screen ................................................................................. |
521 |
27.4 |
Content Filter Forbidden Web Sites Screen ............................................................................ |
522 |
27.5 |
Content Filter Technical Reference ......................................................................................... |
523 |
Chapter 28 |
|
|
Anti-Malware.................................................................................................................................... |
525 |
|
28.1 |
Overview ..................................................................................................................................... |
525 |
28.1.1 What You Can Do in this Chapter ................................................................................... |
529 |
|
28.2 |
Anti-Malware Screen ................................................................................................................. |
530 |
28.2.1 Anti-Malware Black List or White List Add/Edit ............................................................... |
533 |
|
28.3 |
Anti-Malware Signature Searching ........................................................................................... |
534 |
28.4 |
Anti-Malware Technical Reference ......................................................................................... |
535 |
Chapter 29 |
|
|
Botnet Filter ....................................................................................................................................... |
537 |
|
29.1 |
Overview ..................................................................................................................................... |
537 |
29.1.1 What You Can Do in this Chapter ................................................................................... |
537 |
|
29.2 |
Botnet Filter Screen ..................................................................................................................... |
537 |
Chapter 30 |
|
|
IDP ..................................................................................................................................................... |
|
541 |
30.1 |
Overview ..................................................................................................................................... |
541 |
30.1.1 What You Can Do in this Chapter ................................................................................... |
541 |
|
30.1.2 What You Need To Know ................................................................................................. |
541 |
|
30.1.3 Before You Begin ............................................................................................................... |
541 |
|
30.2 |
The IDP Screen ............................................................................................................................ |
541 |
30.2.1 Query Example .................................................................................................................. |
546 |
|
30.3 |
IDP Custom Signatures .............................................................................................................. |
547 |
30.3.1 Add / Edit Custom Signatures ......................................................................................... |
548 |
|
30.3.2 Custom Signature Example ............................................................................................. |
552 |
|
30.3.3 Applying Custom Signatures ............................................................................................ |
554 |
|
30.3.4 Verifying Custom Signatures ............................................................................................ |
555 |
|
30.4 |
IDP Technical Reference ........................................................................................................... |
555 |
Chapter 31 |
|
|
Sandboxing ...................................................................................................................................... |
558 |
|
31.1 |
Overview ..................................................................................................................................... |
558 |
31.1.1 What You Can Do in this Chapter ................................................................................... |
558 |
|
31.2 Sandboxing Screen .................................................................................................................... |
558 |
|
|
ZyWALL ATP Series User’s Guide |
|
16
|
Table of Contents |
|
Chapter 32 |
|
|
Email Security ................................................................................................................................... |
560 |
|
32.1 |
Overview ..................................................................................................................................... |
560 |
32.1.1 What You Can Do in this Chapter ................................................................................... |
560 |
|
32.1.2 What You Need to Know ................................................................................................. |
560 |
|
32.2 |
Before You Begin ........................................................................................................................ |
561 |
32.3 |
The Email Security Screen .......................................................................................................... |
562 |
32.4 |
The Black List / White List Screen ............................................................................................... |
565 |
32.4.1 The Black or White List Add/Edit Screen ......................................................................... |
566 |
|
32.4.2 Regular Expressions in Black or White List Entries ........................................................... |
567 |
|
32.5 |
Email Security Technical Reference ......................................................................................... |
567 |
Chapter 33 |
|
|
SSL Inspection................................................................................................................................... |
571 |
|
33.1 |
Overview ..................................................................................................................................... |
571 |
33.1.1 What You Can Do in this Chapter ................................................................................... |
571 |
|
33.1.2 What You Need To Know ................................................................................................. |
571 |
|
33.1.3 Before You Begin ............................................................................................................... |
572 |
|
33.2 |
The SSL Inspection Profile Screen .............................................................................................. |
572 |
33.2.1 Apply to a Security Policy ................................................................................................ |
573 |
|
33.2.2 Add / Edit SSL Inspection Profiles .................................................................................... |
576 |
|
33.3 |
Exclude List Screen .................................................................................................................... |
577 |
33.4 |
Certificate Update Screen ....................................................................................................... |
579 |
33.5 |
Install a CA Certificate in a Browser ......................................................................................... |
580 |
Chapter 34 |
|
|
Object ............................................................................................................................................... |
|
583 |
34.1 |
Zones Overview .......................................................................................................................... |
583 |
34.1.1 What You Need to Know ................................................................................................. |
583 |
|
34.1.2 The Zone Screen ................................................................................................................ |
584 |
|
34.2 |
User/Group Overview ................................................................................................................ |
586 |
34.2.1 What You Need To Know ................................................................................................. |
586 |
|
34.2.2 User/Group User Summary Screen .................................................................................. |
588 |
|
34.2.3 User/Group Group Summary Screen .............................................................................. |
591 |
|
34.2.4 User/Group Setting Screen ............................................................................................. |
593 |
|
34.2.5 User/Group MAC Address Summary Screen ................................................................ |
598 |
|
34.2.6 User /Group Technical Reference .................................................................................. |
600 |
|
34.3 |
AP Profile Overview .................................................................................................................... |
600 |
34.3.1 Radio Screen ..................................................................................................................... |
601 |
|
34.3.2 SSID Screen ....................................................................................................................... |
607 |
|
34.4 |
MON Profile ................................................................................................................................ |
616 |
34.4.1 Overview ............................................................................................................................ |
616 |
|
34.4.2 Configuring MON Profile ................................................................................................. |
617 |
|
|
ZyWALL ATP Series User’s Guide |
|
17
Table of Contents |
|
34.4.3 Add/Edit MON Profile ....................................................................................................... |
618 |
34.4.4 Technical Reference ........................................................................................................ |
619 |
34.5 ZyMesh Overview ....................................................................................................................... |
620 |
34.5.1 ZyMesh Profile .................................................................................................................... |
622 |
34.5.2 Add/Edit ZyMesh Profile ................................................................................................... |
623 |
34.6 Address/Geo IP Overview ......................................................................................................... |
623 |
34.6.1 What You Need To Know ................................................................................................. |
624 |
34.6.2 Address Summary Screen ................................................................................................ |
624 |
34.6.3 Address Group Summary Screen .................................................................................... |
628 |
34.6.4 Geo IP Summary Screen .................................................................................................. |
630 |
34.7 Service Overview ........................................................................................................................ |
632 |
34.7.1 What You Need to Know ................................................................................................. |
632 |
34.7.2 The Service Summary Screen .......................................................................................... |
633 |
34.7.3 The Service Group Summary Screen ............................................................................. |
635 |
34.8 Schedule Overview ................................................................................................................... |
636 |
34.8.1 What You Need to Know ................................................................................................. |
637 |
34.8.2 The Schedule Screen ........................................................................................................ |
637 |
34.8.3 The Schedule Group Screen ............................................................................................ |
640 |
34.9 AAA Server Overview ............................................................................................................... |
642 |
34.9.1 Directory Service (AD/LDAP) ........................................................................................... |
642 |
34.9.2 RADIUS Server .................................................................................................................... |
642 |
34.9.3 ASAS .................................................................................................................................... |
643 |
34.9.4 What You Need To Know ................................................................................................. |
643 |
34.9.5 Active Directory or LDAP Server Summary ..................................................................... |
645 |
34.9.6 RADIUS Server Summary ................................................................................................... |
648 |
34.10 Auth. Method Overview ........................................................................................................ |
651 |
34.10.1 Before You Begin ............................................................................................................. |
651 |
34.10.2 Example: Selecting a VPN Authentication Method ................................................... |
651 |
34.10.3 Authentication Method Objects ................................................................................... |
652 |
34.10.4 Two-Factor Authentication ............................................................................................ |
654 |
34.11 Certificate Overview ............................................................................................................... |
657 |
34.11.1 What You Need to Know ............................................................................................... |
657 |
34.11.2 Verifying a Certificate .................................................................................................... |
659 |
34.11.3 The My Certificates Screen ............................................................................................ |
660 |
34.11.4 The Trusted Certificates Screen .................................................................................... |
667 |
34.11.5 Certificates Technical Reference ................................................................................. |
672 |
34.12 ISP Account Overview ............................................................................................................ |
672 |
34.12.1 ISP Account Summary .................................................................................................... |
672 |
34.13 DHCPv6 Overview .................................................................................................................... |
675 |
34.13.1 The DHCPv6 Request Screen ......................................................................................... |
675 |
34.13.2 The DHCPv6 Lease Screen ............................................................................................. |
677 |
Chapter 35 |
|
Device HA......................................................................................................................................... |
679 |
ZyWALL ATP Series User’s Guide |
|
18
Table of Contents |
|
35.1 Device HA Overview .................................................................................................................. |
679 |
35.1.1 What You Can Do in These Screens ................................................................................ |
679 |
35.2 Device HA Status ........................................................................................................................ |
679 |
35.3 Device HA Pro ............................................................................................................................. |
681 |
35.3.1 Deploying Device HA Pro ................................................................................................ |
682 |
35.3.2 Configuring Device HA Pro .............................................................................................. |
682 |
35.4 View Log ...................................................................................................................................... |
684 |
Chapter 36 |
|
Cloud CNM...................................................................................................................................... |
686 |
36.1 Cloud CNM Overview ................................................................................................................ |
686 |
36.1.1 What You Can Do in this Chapter ................................................................................... |
686 |
36.2 Cloud CNM SecuManager ....................................................................................................... |
686 |
36.3 Cloud CNM SecuReporter ......................................................................................................... |
689 |
Chapter 37 |
|
System............................................................................................................................................... |
693 |
37.1 Overview ..................................................................................................................................... |
693 |
37.1.1 What You Can Do in this Chapter ................................................................................... |
693 |
37.2 Host Name ................................................................................................................................... |
694 |
37.3 USB Storage ................................................................................................................................. |
694 |
37.4 Date and Time ............................................................................................................................ |
695 |
37.4.1 Pre-defined NTP Time Servers List ..................................................................................... |
698 |
37.4.2 Time Server Synchronization ............................................................................................ |
698 |
37.5 Console Port Speed ................................................................................................................... |
699 |
37.6 DNS Overview ............................................................................................................................. |
700 |
37.6.1 DNS Server Address Assignment ...................................................................................... |
700 |
37.6.2 Configuring the DNS Screen ............................................................................................ |
700 |
37.6.3 (IPv6) Address Record ...................................................................................................... |
704 |
37.6.4 PTR Record ......................................................................................................................... |
704 |
37.6.5 Adding an (IPv6) Address/PTR Record .......................................................................... |
704 |
37.6.6 CNAME Record ................................................................................................................. |
705 |
37.6.7 Adding a CNAME Record ................................................................................................ |
705 |
37.6.8 Domain Zone Forwarder ................................................................................................. |
706 |
37.6.9 Adding a Domain Zone Forwarder ................................................................................. |
706 |
37.6.10 MX Record ...................................................................................................................... |
707 |
37.6.11 Adding a MX Record ...................................................................................................... |
707 |
37.6.12 Security Option Control .................................................................................................. |
708 |
37.6.13 Editing a Security Option Control .................................................................................. |
708 |
37.6.14 Adding a DNS Service Control Rule .............................................................................. |
709 |
37.7 WWW Overview .......................................................................................................................... |
710 |
37.7.1 Service Access Limitations ............................................................................................... |
710 |
37.7.2 System Timeout .................................................................................................................. |
710 |
ZyWALL ATP Series User’s Guide |
|
19
Table of Contents |
|
37.7.3 HTTPS ................................................................................................................................... |
710 |
37.7.4 Configuring WWW Service Control ................................................................................. |
711 |
37.7.5 Service Control Rules ........................................................................................................ |
714 |
37.7.6 Customizing the WWW Login Page ................................................................................ |
715 |
37.7.7 HTTPS Example ................................................................................................................... |
720 |
37.8 SSH ............................................................................................................................................. |
727 |
37.8.1 How SSH Works .................................................................................................................. |
728 |
37.8.2 SSH Implementation on the Zyxel Device ...................................................................... |
729 |
37.8.3 Requirements for Using SSH .............................................................................................. |
729 |
37.8.4 Configuring SSH ................................................................................................................. |
729 |
37.8.5 Service Control Rules ........................................................................................................ |
730 |
37.8.6 Secure Telnet Using SSH Examples .................................................................................. |
731 |
37.9 Telnet ........................................................................................................................................... |
732 |
37.9.1 Configuring Telnet ............................................................................................................. |
732 |
37.9.2 Service Control Rules ........................................................................................................ |
734 |
37.10 FTP .............................................................................................................................................. |
734 |
37.10.1 Configuring FTP ................................................................................................................ |
734 |
37.10.2 Service Control Rules ...................................................................................................... |
736 |
37.11 SNMP ......................................................................................................................................... |
736 |
37.11.1 SNMPv3 and Security ...................................................................................................... |
737 |
37.11.2 Supported MIBs ............................................................................................................... |
738 |
37.11.3 SNMP Traps ....................................................................................................................... |
738 |
37.11.4 Configuring SNMP ........................................................................................................... |
738 |
37.11.5 Add SNMPv3 User ............................................................................................................ |
741 |
37.11.6 Service Control Rules ...................................................................................................... |
741 |
37.12 Authentication Server .............................................................................................................. |
742 |
37.12.1 Add/Edit Trusted RADIUS Client .................................................................................... |
744 |
37.13 Notification > Mail Server ......................................................................................................... |
744 |
37.14 Notification > SMS ..................................................................................................................... |
746 |
37.15 Language Screen ..................................................................................................................... |
747 |
37.16 IPv6 Screen ................................................................................................................................ |
747 |
37.17 Zyxel One Network (ZON) Utility ............................................................................................. |
748 |
37.17.1 Requirements ................................................................................................................... |
748 |
37.17.2 Run the ZON Utility ........................................................................................................... |
749 |
37.17.3 Zyxel One Network (ZON) System Screen .................................................................... |
752 |
Chapter 38 |
|
Log and Report................................................................................................................................. |
753 |
38.1 Overview ..................................................................................................................................... |
753 |
38.1.1 What You Can Do In this Chapter .................................................................................. |
753 |
38.2 Email Daily Report ....................................................................................................................... |
753 |
38.3 Log Setting Screens ................................................................................................................... |
755 |
38.3.1 Log Setting Summary ........................................................................................................ |
755 |
ZyWALL ATP Series User’s Guide |
|
20
|
Table of Contents |
|
38.3.2 Edit System Log Settings .................................................................................................. |
756 |
|
38.3.3 Edit Log on USB Storage Setting ..................................................................................... |
760 |
|
38.3.4 Edit Remote Server Log Settings ..................................................................................... |
761 |
|
38.3.5 Log Category Settings Screen ......................................................................................... |
763 |
|
Chapter 39 |
|
|
File Manager .................................................................................................................................... |
766 |
|
39.1 |
Overview ..................................................................................................................................... |
766 |
39.1.1 What You Can Do in this Chapter ................................................................................... |
766 |
|
39.1.2 What you Need to Know .................................................................................................. |
766 |
|
39.2 |
The Configuration File Screen ................................................................................................... |
768 |
39.3 |
Firmware Management ........................................................................................................... |
773 |
39.3.1 Cloud Helper ..................................................................................................................... |
773 |
|
39.3.2 The Firmware Management Screen ............................................................................... |
775 |
|
39.3.3 Firmware Upgrade via USB Stick ...................................................................................... |
778 |
|
39.4 |
The Shell Script Screen .............................................................................................................. |
778 |
Chapter 40 |
|
|
Diagnostics ...................................................................................................................................... |
781 |
|
40.1 |
Overview ..................................................................................................................................... |
781 |
40.1.1 What You Can Do in this Chapter ................................................................................... |
781 |
|
40.2 |
The Diagnostics Screens ............................................................................................................ |
781 |
40.2.1 The Diagnostics Collect Screen ....................................................................................... |
782 |
|
40.2.2 The Diagnostics Collect on AP Screen ........................................................................... |
783 |
|
40.2.3 The Diagnostics Files Screen ............................................................................................ |
784 |
|
40.3 |
The Packet Capture Screen ...................................................................................................... |
785 |
40.3.1 The Packet Capture Files Screen .................................................................................... |
787 |
|
40.4 The CPU / Memory Status Screen ............................................................................................. |
788 |
|
40.5 |
The System Log Screen .............................................................................................................. |
790 |
40.6 |
The Remote Assistance Screen ................................................................................................. |
790 |
40.7 |
The Network Tool Screen ........................................................................................................... |
792 |
40.8 |
The Routing Traces Screen ........................................................................................................ |
794 |
40.9 |
The Wireless Frame Capture Screen ........................................................................................ |
795 |
40.9.1 The Wireless Frame Capture Files Screen ...................................................................... |
797 |
|
Chapter 41 |
|
|
Packet Flow Explore ....................................................................................................................... |
798 |
|
41.1 |
Overview ..................................................................................................................................... |
798 |
41.1.1 What You Can Do in this Chapter ................................................................................... |
798 |
|
41.2 |
The Routing Status Screen ......................................................................................................... |
798 |
41.3 |
The SNAT Status Screen .............................................................................................................. |
802 |
Chapter 42 |
|
|
Shutdown .......................................................................................................................................... |
|
805 |
|
ZyWALL ATP Series User’s Guide |
|
21
|
Table of Contents |
|
42.1 |
Overview ..................................................................................................................................... |
805 |
42.1.1 What You Need To Know ................................................................................................. |
805 |
|
42.2 The Shutdown Screen ................................................................................................................ |
805 |
|
Chapter 43 |
|
|
Troubleshooting................................................................................................................................ |
806 |
|
43.1 |
Resetting the Zyxel Device ........................................................................................................ |
818 |
43.2 |
Getting More Troubleshooting Help ......................................................................................... |
819 |
Appendix A Customer Support ..................................................................................................... |
820 |
|
Appendix B Product Features ........................................................................................................ |
826 |
|
Appendix C Legal Information ...................................................................................................... |
830 |
|
Index ................................................................................................................................................. |
|
838 |
ZyWALL ATP Series User’s Guide
22
PART I
23
CHAPTER 1
Zyxel Device refers to these models as outlined below.
•ATP200
•ATP500
•ATP800
Most screen shots in this guide come from the ATP200.
Note the following differences between the device models:
•ATP500 and ATP800 support Device HA Pro.
•Some interface names vary by model - see Table 13 on page 68 and Table 14 on page 68 for default port / interface name mapping. See Table 15 on page 69 for default interface / zone mapping.
See the product’s datasheet for detailed information on a specific model.
myZyxel is Zyxel’s online services center where you can register your Zyxel Device and manage subscription services available for your Zyxel Device (see Configuration > Licensing > Registration > Service for services available for your Zyxel Device).
•For Zyxel Devices that already have firmware version 4.25 or later, you have to register your Zyxel Device and activate the corresponding service at myZyxel (through your Zyxel Device).
•For Zyxel Devices upgrading to firmware version 4.25 or later, you may skip registering your Zyxel Device and activating the corresponding service at myZyxel (through your Zyxel Device). However, it is highly recommended to at least register your Zyxel Device. At the time of writing, the Firmware Upgrade license providing Cloud Helper new firmware notifications, is free when you register your Zyxel Device.
Note: You need to create a myZyxel account at http://portal.myZyxel.com before you can register your device and activate the services at myZyxel.
You may need your Zyxel Device’s serial number and LAN MAC address to register it at myZyxel. See the label at the back of the Zyxel Device’s for details.
ZyWALL ATP Series User’s Guide
24
Chapter 1 Introduction
Figure 1 myZyxel Login
SecuReporter and service licenses have a 15-day grace period after a license expires. Services will continue to work in this period during which you will receive notifications to renew your license(s). New license(s) are valid for 1 year from the date of purchase.
These are some Zyxel Device application scenarios.
Security Router
Security includes a Stateful Packet Inspection (SPI) firewall.
Figure 2 Applications: Security Router Applications: Security Router
ZyWALL ATP Series User’s Guide
25
Chapter 1 Introduction
IPv6 Routing
The Zyxel Device supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The Zyxel Device can also route IPv6 packets through IPv4 networks using different tunneling methods.
Figure 3 Applications: IPv6 Routing
VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. AS is an Authentication Server in the below figure.
Figure 4 Applications: VPN Connectivity
SSL VPN Network Access
SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just browses to the Zyxel Device’s web address and enters his user name and password to securely connect to the Zyxel Device’s network. Here full tunnel mode creates a virtual connection for a remote user and gives him a private IP address in the same subnet as the local network so he can access network resources in the same way as if he were part of the internal network.
ZyWALL ATP Series User’s Guide
26
Chapter 1 Introduction
Figure 5 SSL VPN With Full Tunnel Mode
|
|
|
|
|
|
|
|
|
|
|
LAN (192.168.1.X) |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||||||||
https:// |
|
|
|
|
|
|
|
|
Web Mail File Share Non-Web |
|
|
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
Web-based Application Application Server |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
User-Aware Access Control
Set up security policies to restrict access to sensitive information and shared resources based on the user who is trying to access it. In the following figure user A can access both the Internet and an internal file server. User B has a lower level of access and can only access the Internet. User C is not even logged in, so and cannot access either the Internet or the file server.
Figure 6 Applications: User-Aware Access Control
Load Balancing
Set up multiple connections to the Internet on the same port, or different ports, including cellular interfaces. In either case, you can balance the traffic loads between them.
Figure 7 Applications: Multiple WAN Interfaces
ZyWALL ATP Series User’s Guide
27
Chapter 1 Introduction
You can manage the Zyxel Device in the following ways.
Web Configurator
The Web Configurator allows easy Zyxel Device setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator.
Figure 8 Managing the Zyxel Device: Web Configurator
Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the Zyxel Device. Access it using remote management (for example, SSH or Telnet) or via the physical or Web Configurator console port. See the Command Reference Guide for CLI details. The default settings for the console port are:
Table 1 Console Port Default Settings
SETTING |
VALUE |
|
|
Speed |
115200 bps |
|
|
Data Bits |
8 |
|
|
Parity |
None |
|
|
Stop Bit |
1 |
|
|
Flow Control |
Off |
|
|
FTP
Use File Transfer Protocol for firmware upgrades and configuration backup/restore.
SNMP
The device can be monitored and/or managed by an SNMP manager. See Section 37.11 on page 736.
ZyWALL ATP Series User’s Guide
28
Chapter 1 Introduction
CloudCNM
Use the CloudCNM screen (see Section 37.15 on page 747) to enable and configure management of the Zyxel Device by a Central Network Management system.
Management Authentication
Managers must be authenticated with a username and password, using one of:
•Local Zyxel Device authentication
•An external RADIUS server
•An external LDAP server
•Certificates
In order to use the Web Configurator, you must:
•Use one of the following web browser versions or later:
•Internet Explorer 10.x, 11.x
•Chrome latest version (45 or above)
•Firefox latest version (45 or above)
•Safari latest version (9.0 or above)
•Allow pop-up windows (blocked by default in some browsers)
•Enable JavaScripts, Java permissions, and cookies
The recommended screen resolution is 1024 x 768 pixels.
Note: Screenshots and graphics in this book may differ slightly from your product due to differences in product features or web configurator brand style. Most screen shots in this guide come from the USG110 and USG60W.
1Make sure your Zyxel Device hardware is properly connected. See the Quick Start Guide.
2In your browser go to http://192.168.1.1. By default, the Zyxel Device automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
ZyWALL ATP Series User’s Guide
29
Chapter 1 Introduction
3Type the user name (default: “admin”) and password (default: “1234”).
4Click Login. After you log in for the first time using the default user name and password, you must change the default admin password in the Update Admin Info screen. Enter a new password of from 1 to 64 characters.
In Configuration > Object > User/Group > Setting, you can enable Password Complexity to require a new password to consist of at least 8 characters and at most 64, where at least 1 character must be a number, at least 1 a lower case letter, at least 1 an upper case letter and at least 1 a special character from the keyboard, such as !@#$%^&*()_+. You can also require periodic changing of the password in that screen by configuring Password must changed every (days).
Make a note of your new password, enter it in the following screen, then click Apply.
5A Terms of Use screen displays. Read the statement, then click Acknowledge to proceed.
Note: If you are using an Internet Explorer browser, the Terms of Use will be downloaded automatically.
ZyWALL ATP Series User’s Guide
30