Zyxel USG100-PLUS User Manual [ru]

Quick Start Guide
ZyWALL USG Series
Unified Security Gateway
Version 3.30 Edition 2, 9/2013
Default Login Details
LAN IP Address: http://192.168.1.1
User Name: admin
Password: 1234
www.zyxel.com
Copyright © 2013 ZyXEL Communications Corporation
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.
Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Related Documentation
• Quick Start Guide
The Quick Start Guide shows how to connect the ZyWALL and access the Web Configurator wizards. (See the wizard real time help for information on configuring each screen.) It also contains a connection diagram and package contents list.
• CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL.
Note: It is recommended you use the Web Configurator to configure the ZyWALL.
• Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and supplementary information.
ZyWALL USG 20-2000 User’s Guide

Contents

Introduction
1.1 Overview
1.2 Default Zones, Interfaces, and Ports
1.3 Management Overview
1.4 Web Configurator
1.5 Stopping the ZyWALL
1.6 Rack-mounting
1.8 Front Panel
How to Set Up Your Network
2.1 Wizard Overview
2.2 How to Configure Interfaces, Port Roles, and Zones
2.3 How to Configure a Cellular Interface
2.4 How to Set Up a Wireless LAN
2.5 How to Configure Ethernet, PPP, VLAN, Bridge and Policy Routing
2.6 How to Set Up IPv6 Interfaces For Pure IPv6 Routing
2.7 How to Set Up an IPv6 6to4 Tunnel
2.8 How to Set Up an IPv6-in-IPv4 Tunnel
Protecting Your Network
3.1 Firewall
3.2 User-aware Access Control
3.3 Endpoint Security (EPS)
3.4 Device and Service Registration
3.5 Anti-Virus Policy Configuration
3.6 IDP Profile Configuration
3.7 ADP Profile Configuration
3.8 Content Filter Profile Configuration
3.9 Viewing Content Filter Reports
3.10 Anti-Spam Policy Configuration
Create Secure Connections Across the Internet
4.1 IPSec VPN
4.2 VPN Concentrator Example
4.3 Hub-and-spoke IPSec VPN Without VPN Concentrator
4.4 ZyWALL IPSec VPN Client Configuration Provisioning
4.5 SSL VPN
4.6 L2TP VPN with Android, iOS, and Windows
4.7 One-Time Password Version 2 (OTPv2)
Managing Traffic
5.1 How to Configure Bandwidth Management
5.2 How to Configure a Trunk for WAN Load Balancing
5.3 How to Use Multiple Static Public WAN IP Addresses for LAN-to-WAN Traffic
5.4 How to Use Device HA to Backup Your ZyWALL
5.5 How to Configure DNS Inbound Load Balancing
5.6 How to Allow Public Access to a Web Server
5.7 How to Manage Voice Traffic
5.8 How to Limit Web Surfing and MSN to Specific People
Maintenance
6.1 How to Allow Management Service from WAN
6.2 How to Use a RADIUS Server to Authenticate User Accounts based on Groups
6.3 How to Use SSH for Secure Telnet Access
6.4 How to Manage ZyWALL Configuration Files
6.5 How to Manage ZyWALL Firmware
6.6 How to Download and Upload a Shell Script
6.7 How to Change a Power Module
6.8 How to Save System Logs to a USB Storage Device
6.9 How to Get the ZyWALL’s Diagnostic File
6.10 How to Capture Packets on the ZyWALL
6.11 How to Use Packet Flow Explore for Troubleshooting
Appendix A Legal Information

CHAPTER 1
Introduction

1.1 Overview

This guide covers the ZyWALL USG series and refers to all models as “ZyWALL”. Features and interface names vary by model. Key feature differences between ZyWALL models are as follows. Other features are common to all models although features may vary slightly by model. See the specific product’s datasheet for detailed specifications.
Table 1 Model-Specific Features
FEATURE ZYWALL USG
Application Patrol: 50, 100, 100-PLUS, 200, 300, 1000, 2000
Anti-Virus: 50, 100, 100-PLUS, 200, 300, 1000, 2000
Intrusion, Protection and Detection: 50, 100, 100-PLUS, 200, 300, 1000, 2000
Two Ethernet WAN Ports: 50, 100, 100-PLUS
Two Plus Ethernet WAN Ports: 200, 300, 1000, 2000
WiFi (embedded or optional card): 20W, 300, 100, 200
Rack-mounting: 50, 100, 100-PLUS, 200, 300, 1000, 2000
Wall-mounting: 20, 20W
Dual Power Modules: 2000
Security Extender Module Slot: 2000
Hard Disk Slot (A): 2000
Device High Availability: 100, 200, 300, 1000, 2000
Auxiliary Port: 100, 200, 300, 1000, 2000
Dual Personality Interfaces (1000Base-T/mini-GBIC combo ports): 2000
Dual Internal Buses for Gigabit Interfaces: 2000
A. Reserved for future use.

1.1.1 Key Applications

Here are some ZyWALL application scenarios. The following chapters have configuration tutorials.
Security Router
Security features include a stateful inspection firewall, intrusion detection & prevention, anomaly detection & prevention, content filtering, anti-virus, and anti-spam.
Figure 1 Applications: Security Router
IPv6 Routing
The ZyWALL supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The ZyWALL can also route IPv6 packets through IPv4 networks using different tunneling methods.
Figure 2 Applications: IPv6 Routing
VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. You can also purchase the ZyWALL OTPv2 One-Time Password System for strong two-factor authentication for Web Configurator, Web access, SSL VPN, and ZyXEL IPSec VPN client user logins.
Figure 3 Applications: VPN Connectivity
SSL VPN Network Access
SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just browses to the ZyWALL’s web address and enters his user name and password to securely connect to the ZyWALL’s network. Here full tunnel mode creates a virtual connection for a remote user and gives him a private IP address in the same subnet as the local network so he can access network resources in the same way as if he were part of the internal network.
Figure 4 SSL VPN With Full Tunnel Mode
User-Aware Access Control
Set up security policies to restrict access to sensitive information and shared resources based on the user who is trying to access it. In the following figure user A can access both the Internet and an internal file server. User B has a lower level of access and can only access the Internet. User C is not even logged in and cannot access either.
Figure 5 Applications: User-Aware Access Control
Load Balancing
Set up multiple connections to the Internet on the same port, or different ports, including cellular interfaces. In either case, you can balance the traffic loads between them.
Figure 6 Applications: Multiple WAN Interfaces

1.2 Default Zones, Interfaces, and Ports

The default configurations for zones, interfaces, and ports are as follows. References to interfaces may be generic rather than the specific name used in your model. For example, this guide may use “the WAN interface” rather than “ge2” or “ge3”.
Figure 7 Zones, Interfaces, and Physical Ethernet Ports (panels: USG 2000, USG 1000, USG 300, USG 200, USG 100, USG 50, USG 100-PLUS, USG 20/20W)
Configure the ZyWALL USG 200’s OPT (optional) Gigabit Ethernet port as a third WAN port, an additional LAN1, WLAN, or DMZ port or a separate network.

1.3 Management Overview

You can manage the ZyWALL in the following ways.
Web Configurator
The Web Configurator allows easy ZyWALL setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator.
Figure 8 Managing the ZyWALL: Web Configurator
Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the ZyWALL. Access it using remote management (for example, SSH or Telnet) or via the physical or Web Configurator console port. See the Command Reference Guide for CLI details. The default settings for the console port are:
Table 2 Console Port Default Settings
SETTING VALUE
Speed: 115200 bps
Data Bits: 8
Parity: None
Stop Bit: 1
Flow Control: Off
Vantage CNM
The browser-based Vantage CNM (Centralized Network Management) global management tool lets administrators manage multiple devices. Use the System > Vantage CNM screen to allow your ZyWALL to be managed by the Vantage CNM server. See the Vantage CNM User’s Guide for details.

1.4 Web Configurator

In order to use the Web Configurator, you must:
• Use one of the following web browser versions or later: Internet Explorer 7, Firefox 3.5, Chrome 9.0, Opera 10.0, Safari 4.0
• Allow pop-up windows (blocked by default in Windows XP Service Pack 2)
• Enable JavaScripts, Java permissions, and cookies
The recommended screen resolution is 1024 x 768 pixels.

1.4.1 Web Configurator Access

1 Make sure your ZyWALL hardware is properly connected. See the Quick Start Guide.
2 In your browser go to http://192.168.1.1. By default, the ZyWALL automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
3 Type the user name (default: “admin”) and password (default: “1234”).
If you have an OTP (One-Time Password) token, generate a number and enter it in the One-Time Password field. The number is only good for one login. You must use the token to generate a new number the next time you log in.
4 Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears.
5 The Network Risk Warning screen displays any unregistered or disabled security services. Select how often to display the screen and click OK.
6 Follow the directions in the Update Admin Info screen. If you change the default password, the Login screen appears after you click Apply. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is using its default configuration; otherwise the dashboard appears.

1.4.2 Web Configurator Screens Overview

The Web Configurator screen is divided into these parts (as illustrated on page 11):
A - title bar
B - navigation panel
C - main window
Title Bar
Figure 9 Title Bar
The title bar icons in the upper right corner provide the following functions.
Table 3 Title Bar: Web Configurator Icons
LABEL DESCRIPTION
Logout: Click this to log out of the Web Configurator.
Help: Click this to open the help page for the current screen.
About: Click this to display basic information about the ZyWALL.
Site Map: Click this to see an overview of links to the Web Configurator screens.
Object Reference: Click this to check which configuration items reference an object.
Console: Click this to open a Java-based console window from which you can run command line interface (CLI) commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands.
CLI: Click this to open a popup window that displays the CLI commands sent by the Web Configurator to the ZyWALL.

1.4.3 Navigation Panel

Use the navigation panel menu items to open status and configuration screens. Click the arrow in the middle of the right edge of the navigation panel to hide the panel or drag to resize it. The following sections introduce the ZyWALL’s navigation panel menus and their screens.
Figure 10 Navigation Panel
Dashboard
The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. See the Web Help for details on the dashboard.
Monitor Menu
The monitor menu screens display status and statistics information.
Table 4 Monitor Menu Screens Summary
FOLDER OR LINK TAB FUNCTION
System Status
Port Statistics: Displays packet statistics for each physical port.
Interface Status: Displays general interface information and packet statistics.
Traffic Statistics: Collect and display traffic statistics.
Session Monitor: Displays the status of all current sessions.
DDNS Status: Displays the status of the ZyWALL’s DDNS domain names.
IP/MAC Binding: Lists the devices that have received an IP address from ZyWALL interfaces using IP/MAC binding.
Login Users: Lists the users currently logged into the ZyWALL.
WLAN Status: Displays the connection status of the ZyWALL’s wireless clients.
Cellular Status: Displays details about the ZyWALL’s 3G connection status.
USB Storage: Displays details about USB device connected to the ZyWALL.
AppPatrol Statistics: Displays bandwidth and protocol statistics.
VPN Monitor
IPSec: Displays and manages the active IPSec SAs.
SSL: Lists users currently logged into the VPN SSL client portal. You can also log out individual users and delete related session information.
L2TP over IPSec: Displays details about current L2TP sessions.
Anti-X Statistics
Anti-Virus: Collect and display statistics on the viruses that the ZyWALL has detected.
IDP: Collect and display statistics on the intrusions that the ZyWALL has detected.
Content Filter > Report: Collect and display content filter statistics.
Content Filter > Cache: Manage the ZyWALL’s URL cache.
Anti-Spam > Report: Collect and display spam statistics.
Anti-Spam > Status: Displays how many mail sessions the ZyWALL is currently checking and DNSBL (Domain Name Service-based spam Black List) statistics.
Log: Lists log entries.
Configuration Menu
Use the configuration menu screens to configure the ZyWALL’s features.
Table 5 Configuration Menu Screens Summary
FOLDER OR LINK TAB FUNCTION
Quick Setup: Quickly configure WAN interfaces or VPN connections.
Licensing
Registration > Registration: Register the device and activate trial services.
Registration > Service: View the licensed service status and upgrade licensed services.
Signature Update > Anti-Virus: Update anti-virus signatures immediately or by a schedule.
Signature Update > IDP/AppPatrol: Update IDP signatures immediately or by a schedule.
Signature Update > System Protect: View system-protect signatures status.
Network
Interface > Port Grouping: Configure physical port groups.
Interface > Port Role: Use this screen to set the ZyWALL’s flexible ports as LAN1, WLAN, or DMZ.
Interface > Ethernet: Manage Ethernet interfaces and virtual Ethernet interfaces.
Interface > PPP: Create and manage PPPoE and PPTP interfaces.
Interface > Cellular: Configure a cellular Internet connection for an installed 3G card.
Interface > Tunnel: Configure tunneling between IPv4 and IPv6 networks.
Interface > WLAN: Configure settings for an installed wireless LAN card.
Interface > VLAN: Create and manage VLAN interfaces and virtual VLAN interfaces.
Interface > Bridge: Create and manage bridges and virtual bridge interfaces.
Interface > Auxiliary: Manage the AUX port.
Interface > Trunk: Create and manage trunks (groups of interfaces) for load balancing and link High Availability (HA).
Routing > Policy Route: Create and manage routing policies.
Routing > Static Route: Create and manage IP static routing information.
Routing > RIP: Configure device-level RIP settings.
Routing > OSPF: Configure device-level OSPF settings, including areas and virtual links.
Zone: Configure zones used to define various policies.
DDNS Profile: Define and manage the ZyWALL’s DDNS domain names.
NAT: Set up and manage port forwarding rules.
HTTP Redirect: Set up and manage HTTP redirection rules.
ALG: Configure SIP, H.323, and FTP pass-through settings.
IP/MAC Binding > Summary: Configure IP to MAC address bindings for devices connected to each supported interface.
IP/MAC Binding > Exempt List: Configure ranges of IP addresses to which the ZyWALL does not apply IP/MAC binding.
DNS Inbound LB > DNS Load Balancing: Configure DNS Load Balancing.
Auth. Policy: Define rules to force user authentication.
Firewall > Firewall: Create and manage level-3 traffic rules.
Firewall > Session Limit: Limit the number of concurrent client NAT/firewall sessions.
VPN
IPSec VPN > VPN Connection: Configure IPSec tunnels.
IPSec VPN > VPN Gateway: Configure IKE tunnels.
IPSec VPN > Concentrator: Combine IPSec VPN connections into a single secure network.
IPSec VPN > Configuration Provisioning: Set who can retrieve VPN rule settings from the ZyWALL using the ZyWALL IPSec VPN Client.
SSL VPN > Access Privilege: Configure SSL VPN access rights for users and groups.
SSL VPN > Global Setting: Configure the ZyWALL’s SSL VPN settings that apply to all connections.
L2TP VPN > L2TP VPN: Configure L2TP over IPSec tunnels.
AppPatrol > General: Enable or disable traffic management by application and see registration and signature information.
AppPatrol > Query: Manage traffic management by application.
AppPatrol > Other: Manage other kinds of traffic.
BWM > BWM: Enable and configure bandwidth management rules.
Anti-X
Anti-Virus > General: Turn anti-virus on or off, set up anti-virus policies and check the anti-virus engine type and the anti-virus license and signature status.
Anti-Virus > Black/White List: Set up anti-virus black (blocked) and white (allowed) lists of virus file patterns.
Anti-Virus > Signature: Search for signatures by signature name or attributes and configure how the ZyWALL uses them.
IDP > General: Display and manage IDP bindings.
IDP > Profile: Create and manage IDP profiles.
IDP > Custom Signatures: Create, import, or export custom signatures.
ADP > General: Display and manage ADP bindings.
ADP > Profile: Create and manage ADP profiles.
Content Filter > General: Create and manage content filter policies.
Content Filter > Filter Profile: Create and manage the detailed filtering rules for content filtering policies.
Content Filter > Trusted Web Sites: Create a list of allowed web sites that bypass content filtering policies.
Content Filter > Forbidden Web Sites: Create a list of web sites to block regardless of content filtering policies.
Anti-Spam > General: Turn anti-spam on or off and manage anti-spam policies.
Anti-Spam > Mail Scan: Configure e-mail scanning details.
Anti-Spam > Black/White List: Set up a black list to identify spam and a white list to identify legitimate e-mail.
Anti-Spam > DNSBL: Have the ZyWALL check e-mail against DNS Black Lists.
Device HA > General: Configure device HA global settings, and see the status of each interface monitored by device HA.
Device HA > Active-Passive Mode: Configure active-passive mode device HA.
Device HA > Legacy Mode: Configure legacy mode device HA for use with ZyWALLs that already have device HA setup using a firmware version earlier than 2.10.
Object
User/Group > User: Create and manage users.
User/Group > Group: Create and manage groups of users.
User/Group > Setting: Manage default settings for all users, general settings for user sessions, and rules to force user authentication.
Address > Address: Create and manage host, range, and network (subnet) addresses.
Address > Address Group: Create and manage groups of addresses.
Service > Service: Create and manage TCP and UDP services.
Service > Service Group: Create and manage groups of services.
Schedule > Schedule: Create one-time and recurring schedules.
AAA Server > Active Directory: Configure the Active Directory settings.
AAA Server > LDAP: Configure the LDAP settings.
AAA Server > RADIUS: Configure the RADIUS settings.
Auth. Method > Authentication Method: Create and manage ways of authenticating users.
Certificate > My Certificates: Create and manage the ZyWALL’s certificates.
Certificate > Trusted Certificates: Import and manage certificates from trusted sources.
ISP Account > ISP Account: Create and manage ISP account information for PPPoE/PPTP interfaces.
SSL Application: Create SSL web application objects.
Endpoint Security: Create Endpoint Security (EPS) objects.
DHCPv6 > Request: Configure IPv6 DHCP request type and interface information.
DHCPv6 > Lease: Configure IPv6 DHCP lease type and interface information.
System
Host Name: Configure the system and domain name for the ZyWALL.
USB Storage Settings: Configure the settings for the connected USB devices.
Date/Time: Configure the current date, time, and time zone in the ZyWALL.
Console Speed: Set the console speed.
DNS: Configure the DNS server and address records for the ZyWALL.
WWW > Service Control: Configure HTTP, HTTPS, and general authentication.
WWW > Login Page: Configure how the login and access user screens look.
SSH: Configure SSH server and SSH service settings.
TELNET: Configure telnet server settings for the ZyWALL.
FTP: Configure FTP server settings.
SNMP: Configure SNMP communities and services.
Dial-in Mgmt.: Configure settings for an out of band management connection through a modem connected to the AUX port.
Vantage CNM: Configure and allow your ZyWALL to be managed by the Vantage CNM server.
Language: Select the Web Configurator language.
IPv6: Enable IPv6 globally on the ZyWALL here.
Log & Report
Email Daily Report: Configure where and how to send daily reports and what reports to send.
Log Setting: Configure the system log, e-mail logs, and remote syslog servers.
Maintenance Menu
Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down the ZyWALL.
Table 6 Maintenance Menu Screens Summary
FOLDER OR LINK TAB FUNCTION
File Manager > Configuration File: Manage and upload configuration files for the ZyWALL.
File Manager > Firmware Package: View the current firmware version and to upload firmware.
File Manager > Shell Script: Manage and run shell script files for the ZyWALL.
Diagnostics > Diagnostic: Collect diagnostic information.
Diagnostics > Packet Capture: Capture packets for analysis.
Diagnostics > System Log: Connect a USB device to the ZyWALL and archive the ZyWALL system logs to it here.
Packet Flow Explore > Routing Status: Check how the ZyWALL determines where to route a packet.
Packet Flow Explore > SNAT Status: View a clear picture on how the ZyWALL converts a packet’s source IP address and check the related settings.
Reboot: Restart the ZyWALL.
Shutdown: Turn off the ZyWALL.

1.4.4 Tables and Lists

Web Configurator tables and lists are flexible with several options for how to display their entries.
Click a column heading to sort the table’s entries according to that column’s criteria.
Figure 11 Sorting Table Entries by a Column’s Criteria
Click the down arrow next to a column heading for more options about how to display the entries. The options available vary depending on the type of fields in the column. Here are some examples of what you can do:
• Sort in ascending or descending (reverse) alphabetical order
• Select which columns to display
• Group entries by field
• Show entries in groups
• Filter by mathematical operators (<, >, or =) or searching for text
Figure 12 Common Table Column Options
Select a column heading cell’s right border and drag to re-size the column.
Figure 13 Resizing a Table Column
Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location.
Figure 14 Moving Columns
Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time.
Figure 15 Navigating Pages of Table Entries
The tables have icons for working with table entries. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate.
Figure 16 Common Table Icons
Here are descriptions for the most common table icons.
Table 7 Common Table Icons
LABEL DESCRIPTION
Add: Click this to create a new entry. For features where the entry’s position in the numbered list is important (features where the ZyWALL applies the table’s entries in order like the firewall for example), you can select an entry and click Add to create a new entry after the selected entry.
Edit: Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. In some tables you can just click a table entry and edit it directly in the table. For those types of tables small red triangles display for table entries with changes that you have not yet applied.
Remove: To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
Activate: To turn on an entry, select it and click Activate.
Inactivate: To turn off an entry, select it and click Inactivate.
Connect: To connect an entry, select it and click Connect.
Disconnect: To disconnect an entry, select it and click Disconnect.
Object References: Select an entry and click Object References to check which settings use the entry.
Move: To change an entry’s position in a numbered list, select it and click Move to display a field to type a number for where you want to put that entry and press [ENTER] to move the entry to the number that you typed. For example, if you type 6, the entry you are moving becomes number 6 and the previous entry 6 (if there is one) gets pushed up (or down) one.
Working with Lists
When a list of available entries displays next to a list of selected entries, you can often just double-click an entry to move it from one list to the other. In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list.
Figure 17 Working with Lists

1.5 Stopping the ZyWALL

Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the ZyWALL or remove the power. Not doing so can cause the firmware to become corrupt.

1.6 Rack-mounting

See Table 1 on page 5 for the ZyWALL USG models that can be rack mounted. Use the following steps to mount the ZyWALL on an EIA standard size, 19-inch rack or in a wiring closet with other equipment using a rack-mounting kit. Make sure the rack will safely support the combined weight of all the equipment it contains and that the position of the ZyWALL does not make the rack unstable or top-heavy. Take all necessary precautions to anchor the rack securely before installing the unit.
Note: Leave 10 cm of clearance at the sides and 20 cm in the rear.
Use a #2 Phillips screwdriver to install the screws.
Note: Failure to use the proper screws may damage the unit.
1 Align one bracket with the holes on one side of the ZyWALL and secure it with the included bracket screws (smaller than the rack-mounting screws).
2 Attach the other bracket in a similar fashion.
3 After attaching both mounting brackets, position the ZyWALL in the rack and line up the bracket holes with the rack holes. Secure the ZyWALL to the rack with the rack-mounting screws.

1.7 Wall-mounting

See Table 1 on page 5 for the ZyWALL USG models that can be wall-mounted. Do the following to attach your ZyWALL to a wall.
1 Screw two screws with 6 mm ~ 8 mm (0.24" ~ 0.31") wide heads into the wall 150 mm apart (see the figure in step 2). Do not screw the screws all the way in to the wall; leave a small gap between the head of the screw and the wall.
The gap must be big enough for the screw heads to slide into the screw slots and the connection cables to run down the back of the ZyWALL.
Note: Make sure the screws are securely fixed to the wall and strong enough to hold the weight of the ZyWALL with the connection cables.
2 Use the holes on the bottom of the ZyWALL to hang the ZyWALL on the screws.
Wall-mount the ZyWALL horizontally. The ZyWALL's side panels with ventilation slots should not be facing up or down as this position is less safe.

1.8 Front Panel

This section introduces the ZyWALL’s front panel.
Figure 18 ZyWALL Front Panel

1.8.1 Dual Personality Interfaces

A dual personality interface is a 1000Base-T/mini-GBIC combo port. For each interface you can connect either to the 1000Base-T port or the mini-GBIC port. The mini-GBIC port has priority over the 1000Base-T port so the 1000Base-T port is disabled if both are connected at the same time.
1000Base-T Ports
The 1000Base-T auto-negotiating, auto-crossover Ethernet ports support 100/1000 Mbps Gigabit Ethernet so the speed can be 100 Mbps or 1000 Mbps. The duplex mode is full at 1000 Mbps and half or full at 100 Mbps. An auto-negotiating port can detect and adjust to the optimum Ethernet speed (100/1000 Mbps) and duplex mode (full duplex or half duplex) of the connected device. An auto-crossover (auto-MDI/MDI-X) port automatically works with a straight-through or crossover Ethernet cable. The factory default negotiation settings for the Ethernet ports on the ZyWALL are speed: auto, duplex: auto, and flow control: on (you cannot configure the flow control setting, but the ZyWALL can negotiate with the peer and turn it off if needed).
Mini-GBIC Slots
These are slots for Small Form-Factor Pluggable (SFP) transceivers (not included). A transceiver is a single unit that houses a transmitter and a receiver. Use a transceiver to connect a fiber-optic cable to the ZyWALL. Use transceivers that comply with the Small Form-Factor Pluggable (SFP) Transceiver MultiSource Agreement (MSA). See the SFF committee’s INF-8074i specification Rev 1.0 for details. You can change transceivers while the ZyWALL is operating. You can use different transceivers to connect to devices with different types of fiber-optic connectors.
• Type: SFP connection interface
• Connection speed: 1 Gigabit per second (Gbps)
Transceiver and Fiber-optic Cable Installation
Use the following steps to install a mini GBIC transceiver (SFP module).
1 Insert the transceiver into the slot with the exposed section of PCB board facing down.
To avoid possible eye injury, do not look into an operating fiber-optic module’s connectors or fiber-optic cable.
2 Press the transceiver firmly until it clicks into place.
3 Push the end of the fiber-optic cable firmly into the transceiver until it locks into place. When the other end of the fiber-optic cable is connected, check the LEDs to verify the link status.
Fiber-optic Cable and Transceiver Removal
Use the following steps to remove a mini GBIC transceiver (SFP module).
1 Press down on the top of the fiber-optic cable where it connects to the transceiver to release it. Then pull the fiber-optic cable out.
2 Open the transceiver’s latch (latch styles vary).
3 Pull the transceiver out of the slot.

1.8.2 Maximizing Throughput

A ZyWALL USG with dual internal buses (see Table 1 on page 5) for Gigabit interfaces has one internal bus for ports P1-P7 and another for port P8. To maximize the ZyWALL’s throughput, use P8 for your connection with the most traffic.
Figure 19 Gigabit Interfaces and Internal Buses
Some ZyWALLs (see Table 1 on page 5) let you add an optional Security Extension Module (SEM) to enhance the VPN or VPN and Unified Threat Management (UTM) capabilities.
Figure 20 Security Extension Module
• The VPN module (SEM-VPN) increases the maximum VPN throughput from 100 Mbps to 500 Mbps, the maximum number of IPSec VPN tunnels from 1,000 to 2,000 and the maximum number of SSL VPN users from 250 (with a license) to 750 (with a license).
• The SEM-DUAL module provides the VPN performance enhancements and increases the maximum anti-virus and IDP traffic throughput from 100 Mbps to 400 Mbps.

1.8.3 Front Panel LEDs

The following tables describe the LEDs.
Table 8 ZyWALL USG 20 ~ USG 1000 Front Panel LEDs
| LED | COLOR | STATUS | DESCRIPTION |
|---|---|---|---|
| PWR | | Off | The ZyWALL is turned off. |
| | Green | On | The ZyWALL is turned on. |
| | Red | On | There is a hardware component failure. Shut down the device, wait for a few minutes and then restart the device (see Section 1.5 on page 20). If the LED turns red again, then please contact your vendor. |
| SYS | Green | Off | The ZyWALL is not ready or has failed. |
| | | On | The ZyWALL is ready and running. |
| | | Blinking | The ZyWALL is booting. |
| | Red | On | The ZyWALL had an error or has failed. |
| AUX | Green | Off | The AUX port is not connected. |
| | | Flashing | The AUX port is sending or receiving packets. |
| | | On | The AUX port is connected. |
| 1, 2 ... | Green | Off | There is no traffic on this port. |
| | | Blinking | The ZyWALL is sending or receiving packets on this port. |
| | Orange | Off | There is no connection on this port. |
| | | On | This port has a successful link. |
| USB | Green | Off | No device is connected to the ZyWALL’s USB port or the connected device is not supported by the ZyWALL. |
| | | On | A 3G USB card or USB storage device is connected to the USB port. |
| | Orange | On | Connected to a 3G network through the connected 3G USB card. |
| WLAN | Green | Off | The wireless function is disabled on the ZyWALL. |
| | | On | The wireless function is enabled on the ZyWALL. |
| P1~P5 | Green | Off | There is no traffic on this port. |
| | | Blinking | The ZyWALL is sending or receiving packets on this port. |
| | Orange | Off | There is no connection on this port. |
| | | On | This port has a successful link. |
| Card1,2 | Green | Off | There is no card in the slot. |
| | | On | There is a card in the slot. |
| | | Flashing | The card in the slot is sending or receiving traffic. |
Table 9 ZyWALL USG 2000 Front Panel LEDs
| LED | COLOR | STATUS | DESCRIPTION |
|---|---|---|---|
| PWR1, PWR2 | | Off | Both power modules are turned off, not receiving power, or not functioning. |
| | Green | On | The power module is operating. |
| | Red | On | The power module has malfunctioned. Turn the power module off, wait a few minutes, and turn the power module back on (see Section 1.5 on page 20). If the LED shines red again, then please contact your vendor. |
| SYS | | Off | The ZyWALL is turned off. |
| | Green | On | The ZyWALL is ready and operating normally. |
| | | Flashing | The ZyWALL is self-testing. |
| | Red | On | The ZyWALL is malfunctioning. |
| AUX | | Off | The AUX port is not connected. |
| | Orange | On | The AUX port has a dial-in management connection. |
| | | Flashing | The AUX port is sending or receiving packets for the dial-in management connection. |
| | Green | On | The AUX port has a dial backup connection. |
| | | Flashing | The AUX port is sending or receiving packets for the dial backup connection. |
| CARD | Green | Off | Reserved for future use. There is no card in the CARD SLOT. |
| | | On | There is a card in the CARD SLOT. |
| HDD | | | This LED is reserved for future use. |
| P1~P8 | Green | Off | There is no traffic on this port. |
| | | Flashing | The ZyWALL is sending or receiving packets on this port. |
| | Orange | Off | There is no connection on this port. |
| | | On | This port has a successful link. |
| LNK | Orange | Off | The Ethernet link is down. |
| | | On | The Ethernet link is up. |
| ACT | Green | Off | The system is not transmitting/receiving Ethernet traffic. |
| | | Blinking | The system is transmitting/receiving Ethernet traffic. |
CHAPTER 2

How to Set Up Your Network

Here are examples of using the Web Configurator to set up your network in the ZyWALL.
Note: The tutorials featured here require a basic understanding of connecting to and using the Web Configurator; see Section 1.4 on page 10 for details. For field descriptions of individual screens, see the Web Configurator Online Help.
• Wizard Overview
• How to Configure Interfaces, Port Roles, and Zones
• How to Configure a Cellular Interface
• How to Set Up a Wireless LAN
• How to Configure Ethernet, PPP, VLAN, Bridge and Policy Routing
• How to Set Up IPv6 Interfaces For Pure IPv6 Routing
• How to Set Up an IPv6 6to4 Tunnel
• How to Set Up an IPv6-in-IPv4 Tunnel

2.1 Wizard Overview

Use the wizards to quickly configure Internet connection and VPN settings as well as activate subscription services.
| WIZARD | DESCRIPTION |
|---|---|
| Installation Setup Wizard | Use this wizard the first time you log into the Web Configurator to configure WAN connections and register your ZyWALL. |
| Quick Setup | You can find the following wizards in the CONFIGURATION navigation panel. |
| WAN Interface | Use these wizard screens to quickly configure a WAN interface’s encapsulation and IP address settings. |
| VPN Setup | Use these wizard screens to quickly configure an IPSec VPN or IPSec VPN configuration provisioning. |

After you complete a wizard, you can go to the CONFIGURATION screens to configure advanced settings.

2.2 How to Configure Interfaces, Port Roles, and Zones

This tutorial shows how to configure Ethernet interfaces, port roles, and zones for the following example configuration.
• The wan1 interface uses a static IP address of 1.2.3.4.
• Add P5 (lan2) to the DMZ interface (Note: In USG 20/20W, use P4 (lan2) instead of P5 in this example). The DMZ interface is used for a protected local network. It uses IP address 192.168.3.1 and serves as a DHCP server by default.
• You want to be able to apply specific security settings for the VPN tunnel created by the Quick Setup - VPN Setup wizard (named WIZ_VPN). So you create a new zone and add WIZ_VPN to it.
Figure 21 Ethernet Interface, Port Roles, and Zone Configuration Example

2.2.1 Configure a WAN Ethernet Interface

You need to assign the ZyWALL’s wan1 interface a static IP address of 1.2.3.4.
Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface’s entry in the Configuration section. Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK.