ZyWALL USG Series
Unified Security Gateway
Version 3.30
Edition 2, 9/2013
Quick Start Guide
User’s Guide
Default Login Details
LAN IP Address | http://192.168.1.1
User Name | admin
Password | 1234
www.zyxel.com
Copyright © 2013 ZyXEL Communications Corporation
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Related Documentation
• Quick Start Guide
The Quick Start Guide shows how to connect the ZyWALL and access the Web Configurator wizards. (See the wizard real time help for information on configuring each screen.) It also contains a connection diagram and package contents list.
• CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL.
Note: It is recommended you use the Web Configurator to configure the ZyWALL.
• Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and supplementary information.
ZyWALL USG 20-2000 User’s Guide |
Contents
Introduction
  1.1 Overview
  1.2 Default Zones, Interfaces, and Ports
  1.3 Management Overview
  1.4 Web Configurator
  1.5 Stopping the ZyWALL
  1.6 Rack-mounting
  1.8 Front Panel
How to Set Up Your Network
  2.1 Wizard Overview
  2.2 How to Configure Interfaces, Port Roles, and Zones
  2.3 How to Configure a Cellular Interface
  2.4 How to Set Up a Wireless LAN
  2.5 How to Configure Ethernet, PPP, VLAN, Bridge and Policy Routing
  2.6 How to Set Up IPv6 Interfaces For Pure IPv6 Routing
  2.7 How to Set Up an IPv6 6to4 Tunnel
  2.8 How to Set Up an IPv6-in-IPv4 Tunnel
Protecting Your Network
  3.1 Firewall
  3.2 User-aware Access Control
  3.3 Endpoint Security (EPS)
  3.4 Device and Service Registration
  3.5 Anti-Virus Policy Configuration
  3.6 IDP Profile Configuration
  3.7 ADP Profile Configuration
  3.8 Content Filter Profile Configuration
  3.9 Viewing Content Filter Reports
  3.10 Anti-Spam Policy Configuration
Create Secure Connections Across the Internet
  4.1 IPSec VPN
  4.2 VPN Concentrator Example
  4.3 Hub-and-spoke IPSec VPN Without VPN Concentrator
  4.4 ZyWALL IPSec VPN Client Configuration Provisioning
  4.5 SSL VPN
  4.6 L2TP VPN with Android, iOS, and Windows
  4.7 One-Time Password Version 2 (OTPv2)
Managing Traffic
  5.1 How to Configure Bandwidth Management
  5.2 How to Configure a Trunk for WAN Load Balancing
  5.3 How to Use Multiple Static Public WAN IP Addresses for LAN-to-WAN Traffic
  5.4 How to Use Device HA to Backup Your ZyWALL
  5.5 How to Configure DNS Inbound Load Balancing
  5.6 How to Allow Public Access to a Web Server
  5.7 How to Manage Voice Traffic
  5.8 How to Limit Web Surfing and MSN to Specific People
Maintenance
  6.1 How to Allow Management Service from WAN
  6.2 How to Use a RADIUS Server to Authenticate User Accounts based on Groups
  6.3 How to Use SSH for Secure Telnet Access
  6.4 How to Manage ZyWALL Configuration Files
  6.5 How to Manage ZyWALL Firmware
  6.6 How to Download and Upload a Shell Script
  6.7 How to Change a Power Module
  6.8 How to Save System Logs to a USB Storage Device
  6.9 How to Get the ZyWALL’s Diagnostic File
  6.10 How to Capture Packets on the ZyWALL
  6.11 How to Use Packet Flow Explore for Troubleshooting
Appendix A Legal Information
Chapter 1 Introduction
This guide covers the ZyWALL USG series and refers to all models as “ZyWALL”. Features and interface names vary by model. Key feature differences between ZyWALL models are as follows. Other features are common to all models although features may vary slightly by model. See the specific product’s datasheet for detailed specifications.
Table 1 Model-Specific Features
FEATURE | ZYWALL USG
Application Patrol | 50, 100, 100-PLUS, 200, 300, 1000, 2000
Anti-Virus | 50, 100, 100-PLUS, 200, 300, 1000, 2000
Intrusion, Protection and Detection | 50, 100, 100-PLUS, 200, 300, 1000, 2000
Two Ethernet WAN Ports | 50, 100, 100-PLUS
Two Plus Ethernet WAN Ports | 200, 300, 1000, 2000
WiFi (embedded or optional card) | 20W, 300, 100, 200
Dual Personality Interfaces (1000Base-T/mini-GBIC combo ports) | 2000
Dual Internal Buses for Gigabit Interfaces | 2000
Rack-mounting | 50, 100, 100-PLUS, 200, 300, 1000, 2000
Wall-mounting | 20, 20W
Dual Power Modules | 2000
Security Extender Module Slot | 2000
Hard Disk Slot [A] | 2000
Device High Availability | 100, 200, 300, 1000, 2000
Auxiliary Port | 100, 200, 300, 1000, 2000
A. Reserved for future use.
Here are some ZyWALL application scenarios. The following chapters have configuration tutorials.
Security Router
Security features include a stateful inspection firewall, intrusion detection & prevention, anomaly detection & prevention, content filtering, anti-virus, and anti-spam.
Figure 1 Applications: Security Router
IPv6 Routing
The ZyWALL supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The ZyWALL can also route IPv6 packets through IPv4 networks using different tunneling methods.
Figure 2 Applications: IPv6 Routing
VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. You can also purchase the ZyWALL OTPv2 One-Time Password System for strong two-factor authentication for Web Configurator, Web access, SSL VPN, and ZyXEL IPSec VPN client user logins.
Figure 3 Applications: VPN Connectivity
(Figure labels: OTP PIN, SafeWord 2008 Authentication Server)
SSL VPN Network Access
SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just browses to the ZyWALL’s web address and enters his user name and password to securely connect to the ZyWALL’s network. Here full tunnel mode creates a virtual connection for a remote user and gives him a private IP address in the same subnet as the local network so he can access network resources in the same way as if he were part of the internal network.
Figure 4 SSL VPN With Full Tunnel Mode
(Figure labels: LAN (192.168.1.X), https://, Web Mail, File Share, Non-Web, Web-based Application, Application Server)
User-Aware Access Control
Set up security policies to restrict access to sensitive information and shared resources based on the user who is trying to access it. In the following figure user A can access both the Internet and an internal file server. User B has a lower level of access and can only access the Internet. User C is not even logged in and cannot access either.
Figure 5 Applications: User-Aware Access Control
(Figure labels: A, B, C)
Load Balancing
Set up multiple connections to the Internet on the same port, or different ports, including cellular interfaces. In either case, you can balance the traffic loads between them.
Figure 6 Applications: Multiple WAN Interfaces
The default configurations for zones, interfaces, and ports are as follows. References to interfaces may be generic rather than the specific name used in your model. For example, this guide may use “the WAN interface” rather than “ge2” or “ge3”.
Figure 7 Zones, Interfaces, and Physical Ethernet Ports
(Figure panels: USG 2000, USG 1000, USG 300, USG 200, USG 100, USG 100-PLUS, USG 50, USG 20/20W; each panel shows the model’s zones, interfaces, and physical ports.)
Configure the ZyWALL USG 200’s OPT (optional) Gigabit Ethernet port as a third WAN port, an additional LAN1, WLAN, or DMZ port or a separate network.
You can manage the ZyWALL in the following ways.
Web Configurator
The Web Configurator allows easy ZyWALL setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator.
Figure 8 Managing the ZyWALL: Web Configurator
Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the ZyWALL. Access it using remote management (for example, SSH or Telnet) or via the physical or Web Configurator console port. See the Command Reference Guide for CLI details. The default settings for the console port are:
Table 2 Console Port Default Settings
SETTING | VALUE
Speed | 115200 bps
Data Bits | 8
Parity | None
Stop Bit | 1
Flow Control | Off
Vantage CNM
The browser-based Vantage CNM (Centralized Network Management) global management tool lets administrators manage multiple devices. Use the System > Vantage CNM screen to allow your ZyWALL to be managed by the Vantage CNM server. See the Vantage CNM User’s Guide for details.
In order to use the Web Configurator, you must:
• Use one of the following web browser versions or later: Internet Explorer 7, Firefox 3.5, Chrome 9.0, Opera 10.0, Safari 4.0
• Allow pop-up windows (blocked by default in Windows XP Service Pack 2)
• Enable JavaScripts, Java permissions, and cookies
The recommended screen resolution is 1024 x 768 pixels.
1 Make sure your ZyWALL hardware is properly connected. See the Quick Start Guide.
2 In your browser go to http://192.168.1.1. By default, the ZyWALL automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
3 Type the user name (default: “admin”) and password (default: “1234”).
  If you have an OTP (One-Time Password) token, generate a number and enter it in the One-Time Password field. The number is only good for one login. You must use the token to generate a new number the next time you log in.
4 Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears.
5 The Network Risk Warning screen displays any unregistered or disabled security services. Select how often to display the screen and click OK.
6 Follow the directions in the Update Admin Info screen. If you change the default password, the Login screen appears after you click Apply. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is using its default configuration; otherwise the dashboard appears.
The Web Configurator screen is divided into these parts (as illustrated on page 11):
• A - title bar
• B - navigation panel
• C - main window
Title Bar
Figure 9 Title Bar
The title bar icons in the upper right corner provide the following functions.
Table 3 Title Bar: Web Configurator Icons
LABEL | DESCRIPTION
Logout | Click this to log out of the Web Configurator.
Help | Click this to open the help page for the current screen.
About | Click this to display basic information about the ZyWALL.
Site Map | Click this to see an overview of links to the Web Configurator screens.
Object Reference | Click this to check which configuration items reference an object.
Console | Click this to open a Java-based console window from which you can run command line interface (CLI) commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands.
CLI | Click this to open a popup window that displays the CLI commands sent by the Web Configurator to the ZyWALL.
Use the navigation panel menu items to open status and configuration screens. Click the arrow in the middle of the right edge of the navigation panel to hide the panel or drag to resize it. The following sections introduce the ZyWALL’s navigation panel menus and their screens.
Figure 10 Navigation Panel
Dashboard
The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. See the Web Help for details on the dashboard.
Monitor Menu
The monitor menu screens display status and statistics information.
Table 4 Monitor Menu Screens Summary
FOLDER OR LINK | TAB | FUNCTION
System Status | |
Port Statistics | | Displays packet statistics for each physical port.
Interface Status | | Displays general interface information and packet statistics.
Traffic Statistics | | Collect and display traffic statistics.
Session Monitor | | Displays the status of all current sessions.
DDNS Status | | Displays the status of the ZyWALL’s DDNS domain names.
IP/MAC Binding | | Lists the devices that have received an IP address from ZyWALL interfaces using IP/MAC binding.
Login Users | | Lists the users currently logged into the ZyWALL.
WLAN Status | | Displays the connection status of the ZyWALL’s wireless clients.
Cellular Status | | Displays details about the ZyWALL’s 3G connection status.
USB Storage | | Displays details about USB device connected to the ZyWALL.
AppPatrol Statistics | | Displays bandwidth and protocol statistics.
VPN Monitor | |
IPSec | | Displays and manages the active IPSec SAs.
SSL | | Lists users currently logged into the VPN SSL client portal. You can also log out individual users and delete related session information.
L2TP over IPSec | | Displays details about current L2TP sessions.
Anti-X Statistics | |
Anti-Virus | | Collect and display statistics on the viruses that the ZyWALL has detected.
IDP | | Collect and display statistics on the intrusions that the ZyWALL has detected.
Content Filter | Report | Collect and display content filter statistics.
 | Cache | Manage the ZyWALL’s URL cache.
Anti-Spam | Report | Collect and display spam statistics.
 | Status | Displays how many mail sessions the ZyWALL is currently checking and DNSBL (Domain Name Service-based spam Black List) statistics.
Log | | Lists log entries.
Configuration Menu
Use the configuration menu screens to configure the ZyWALL’s features.
Table 5 Configuration Menu Screens Summary
FOLDER OR LINK | TAB | FUNCTION
Quick Setup | | Quickly configure WAN interfaces or VPN connections.
Licensing | |
Registration | Registration | Register the device and activate trial services.
 | Service | View the licensed service status and upgrade licensed services.
Signature Update | Anti-Virus | Update anti-virus signatures immediately or by a schedule.
 | IDP/AppPatrol | Update IDP signatures immediately or by a schedule.
 | System Protect | View system-protect signatures status.
Network | |
Interface | Port Grouping | Configure physical port groups.
 | Port Role | Use this screen to set the ZyWALL’s flexible ports as LAN1, WLAN, or DMZ.
 | Ethernet | Manage Ethernet interfaces and virtual Ethernet interfaces.
 | PPP | Create and manage PPPoE and PPTP interfaces.
 | Cellular | Configure a cellular Internet connection for an installed 3G card.
 | Tunnel | Configure tunneling between IPv4 and IPv6 networks.
 | WLAN | Configure settings for an installed wireless LAN card.
 | VLAN | Create and manage VLAN interfaces and virtual VLAN interfaces.
 | Bridge | Create and manage bridges and virtual bridge interfaces.
 | Auxiliary | Manage the AUX port.
 | Trunk | Create and manage trunks (groups of interfaces) for load balancing and link High Availability (HA).
Routing | Policy Route | Create and manage routing policies.
 | Static Route | Create and manage IP static routing information.
 | RIP | Configure device-level RIP settings.
 | OSPF | Configure device-level OSPF settings, including areas and virtual links.
Zone | | Configure zones used to define various policies.
DDNS | Profile | Define and manage the ZyWALL’s DDNS domain names.
NAT | | Set up and manage port forwarding rules.
HTTP Redirect | | Set up and manage HTTP redirection rules.
ALG | | Configure SIP, H.323, and FTP pass-through settings.
IP/MAC Binding | Summary | Configure IP to MAC address bindings for devices connected to each supported interface.
 | Exempt List | Configure ranges of IP addresses to which the ZyWALL does not apply IP/MAC binding.
DNS Inbound LB | DNS Load Balancing | Configure DNS Load Balancing.
Auth. Policy | | Define rules to force user authentication.
Firewall | Firewall | Create and manage level-3 traffic rules.
 | Session Limit | Limit the number of concurrent client NAT/firewall sessions.
VPN | |
IPSec VPN | VPN Connection | Configure IPSec tunnels.
 | VPN Gateway | Configure IKE tunnels.
 | Concentrator | Combine IPSec VPN connections into a single secure network.
 | Configuration Provisioning | Set who can retrieve VPN rule settings from the ZyWALL using the ZyWALL IPSec VPN Client.
SSL VPN | Access Privilege | Configure SSL VPN access rights for users and groups.
 | Global Setting | Configure the ZyWALL’s SSL VPN settings that apply to all connections.
L2TP VPN | L2TP VPN | Configure L2TP over IPSec tunnels.
AppPatrol | General | Enable or disable traffic management by application and see registration and signature information.
 | Query | Manage traffic management by application.
 | Other | Manage other kinds of traffic.
BWM | BWM | Enable and configure bandwidth management rules.
Anti-X | |
Anti-Virus | General | Turn anti-virus on or off, set up anti-virus policies and check the anti-virus engine type and the anti-virus license and signature status.
 | Black/White List | Set up anti-virus black (blocked) and white (allowed) lists of virus file patterns.
 | Signature | Search for signatures by signature name or attributes and configure how the ZyWALL uses them.
IDP | General | Display and manage IDP bindings.
 | Profile | Create and manage IDP profiles.
 | Custom Signatures | Create, import, or export custom signatures.
ADP | General | Display and manage ADP bindings.
 | Profile | Create and manage ADP profiles.
Content Filter | General | Create and manage content filter policies.
 | Filter Profile | Create and manage the detailed filtering rules for content filtering policies.
 | Trusted Web Sites | Create a list of allowed web sites that bypass content filtering policies.
 | Forbidden Web Sites | Create a list of web sites to block regardless of content filtering policies.
Anti-Spam | General | Turn anti-spam on or off and manage anti-spam policies.
 | Mail Scan | Configure e-mail scanning details.
 | Black/White List | Set up a black list to identify spam and a white list to identify legitimate e-mail.
 | DNSBL | Have the ZyWALL check e-mail against DNS Black Lists.
Device HA | General | Configure device HA global settings, and see the status of each interface monitored by device HA.
 | Active-Passive Mode | Configure active-passive mode device HA.
 | Legacy Mode | Configure legacy mode device HA for use with ZyWALLs that already have device HA setup using a firmware version earlier than 2.10.
Object | |
User/Group | User | Create and manage users.
 | Group | Create and manage groups of users.
 | Setting | Manage default settings for all users, general settings for user sessions, and rules to force user authentication.
Address | Address | Create and manage host, range, and network (subnet) addresses.
 | Address Group | Create and manage groups of addresses.
Service | Service | Create and manage TCP and UDP services.
 | Service Group | Create and manage groups of services.
Schedule | Schedule | Create one-time and recurring schedules.
AAA Server | Active Directory | Configure the Active Directory settings.
 | LDAP | Configure the LDAP settings.
 | RADIUS | Configure the RADIUS settings.
Auth. Method | Authentication Method | Create and manage ways of authenticating users.
Certificate | My Certificates | Create and manage the ZyWALL’s certificates.
 | Trusted Certificates | Import and manage certificates from trusted sources.
ISP Account | ISP Account | Create and manage ISP account information for PPPoE/PPTP interfaces.
SSL Application | | Create SSL web application objects.
Endpoint Security | | Create Endpoint Security (EPS) objects.
DHCPv6 | Request | Configure IPv6 DHCP request type and interface information.
 | Lease | Configure IPv6 DHCP lease type and interface information.
System | |
Host Name | | Configure the system and domain name for the ZyWALL.
USB Storage | Settings | Configure the settings for the connected USB devices.
Date/Time | | Configure the current date, time, and time zone in the ZyWALL.
Console Speed | | Set the console speed.
DNS | | Configure the DNS server and address records for the ZyWALL.
WWW | Service Control | Configure HTTP, HTTPS, and general authentication.
 | Login Page | Configure how the login and access user screens look.
SSH | | Configure SSH server and SSH service settings.
TELNET | | Configure telnet server settings for the ZyWALL.
FTP | | Configure FTP server settings.
SNMP | | Configure SNMP communities and services.
Dial-in Mgmt. | | Configure settings for an out of band management connection through a modem connected to the AUX port.
Vantage CNM | | Configure and allow your ZyWALL to be managed by the Vantage CNM server.
Language | | Select the Web Configurator language.
IPv6 | | Enable IPv6 globally on the ZyWALL here.
Log & Report | |
Email Daily Report | | Configure where and how to send daily reports and what reports to send.
Log Setting | | Configure the system log, e-mail logs, and remote syslog servers.
Maintenance Menu
Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down the ZyWALL.
Table 6 Maintenance Menu Screens Summary
| FOLDER OR LINK | TAB | FUNCTION |
| File Manager | Configuration File | Manage and upload configuration files for the ZyWALL. |
| | Firmware Package | View the current firmware version and upload firmware. |
| | Shell Script | Manage and run shell script files for the ZyWALL. |
| Diagnostics | Diagnostic | Collect diagnostic information. |
| | Packet Capture | Capture packets for analysis. |
| | System Log | Connect a USB device to the ZyWALL and archive the ZyWALL system logs to it here. |
| Packet Flow Explore | Routing Status | Check how the ZyWALL determines where to route a packet. |
| | SNAT Status | View a clear picture of how the ZyWALL converts a packet’s source IP address and check the related settings. |
| Reboot | | Restart the ZyWALL. |
| Shutdown | | Turn off the ZyWALL. |
Web Configurator tables and lists are flexible with several options for how to display their entries. Click a column heading to sort the table’s entries according to that column’s criteria.
Figure 11 Sorting Table Entries by a Column’s Criteria
Click the down arrow next to a column heading for more options about how to display the entries. The options available vary depending on the type of fields in the column. Here are some examples of what you can do:
• Sort in ascending or descending (reverse) alphabetical order
• Select which columns to display
• Group entries by field
• Show entries in groups
• Filter by mathematical operators (<, >, or =) or searching for text
Figure 12 Common Table Column Options
Select a column heading cell’s right border and drag to re-size the column.
Figure 13 Resizing a Table Column
Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location.
Figure 14 Moving Columns
Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time.
Figure 15 Navigating Pages of Table Entries
The tables have icons for working with table entries. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate.
Figure 16 Common Table Icons
Here are descriptions for the most common table icons.
Table 7 Common Table Icons
| LABEL | DESCRIPTION |
| Add | Click this to create a new entry. For features where the entry’s position in the numbered list is important (features where the ZyWALL applies the table’s entries in order like the firewall for example), you can select an entry and click Add to create a new entry after the selected entry. |
| Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. In some tables you can just click a table entry and edit it directly in the table. For those types of tables small red triangles display for table entries with changes that you have not yet applied. |
| Remove | To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so. |
| Activate | To turn on an entry, select it and click Activate. |
| Inactivate | To turn off an entry, select it and click Inactivate. |
| Connect | To connect an entry, select it and click Connect. |
| Disconnect | To disconnect an entry, select it and click Disconnect. |
| Object References | Select an entry and click Object References to check which settings use the entry. |
| Move | To change an entry’s position in a numbered list, select it and click Move to display a field to type a number for where you want to put that entry and press [ENTER] to move the entry to the number that you typed. For example, if you type 6, the entry you are moving becomes number 6 and the previous entry 6 (if there is one) gets pushed up (or down) one. |
Working with Lists
When a list of available entries displays next to a list of selected entries, you can often just double-click an entry to move it from one list to the other. In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list.
Figure 17 Working with Lists
Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the ZyWALL or remove the power. Not doing so can cause the firmware to become corrupt.
See Table 1 on page 5 for the ZyWALL USG models that can be rack mounted. Use the following steps to mount the ZyWALL on an EIA standard size, 19-inch rack or in a wiring closet with other equipment using a rack-mounting kit. Make sure the rack will safely support the combined weight of all the equipment it contains and that the position of the ZyWALL does not make the rack unstable or top-heavy. Take all necessary precautions to anchor the rack securely before installing the unit.
Note: Leave 10 cm of clearance at the sides and 20 cm in the rear.
Use a #2 Phillips screwdriver to install the screws.
Note: Failure to use the proper screws may damage the unit.
1 Align one bracket with the holes on one side of the ZyWALL and secure it with the included bracket screws (smaller than the rack-mounting screws).
2 Attach the other bracket in a similar fashion.
3 After attaching both mounting brackets, position the ZyWALL in the rack and line up the bracket holes with the rack holes. Secure the ZyWALL to the rack with the rack-mounting screws.
See Table 1 on page 5 for the ZyWALL USG models that can be wall-mounted. Do the following to attach your ZyWALL to a wall.
1 Screw two screws with 6 mm ~ 8 mm (0.24" ~ 0.31") wide heads into the wall 150 mm apart (see the figure in step 2). Do not screw the screws all the way into the wall; leave a small gap between the head of the screw and the wall.
The gap must be big enough for the screw heads to slide into the screw slots and the connection cables to run down the back of the ZyWALL.
Note: Make sure the screws are securely fixed to the wall and strong enough to hold the weight of the ZyWALL with the connection cables.
2 Use the holes on the bottom of the ZyWALL to hang the ZyWALL on the screws.
USG 20W
Wall-mount the ZyWALL horizontally. The ZyWALL's side panels with ventilation slots should not be facing up or down as this position is less safe.
This section introduces the ZyWALL’s front panel.
Figure 18 ZyWALL Front Panel (models shown: USG 2000, USG 1000, USG 300, USG 200, USG 100 PLUS, USG 100, USG 50, USG 20W, USG 20)
A dual personality interface is a 1000Base-T/mini-GBIC combo port. For each interface you can connect either to the 1000Base-T port or the mini-GBIC port. The mini-GBIC port has priority over the 1000Base-T port so the 1000Base-T port is disabled if both are connected at the same time.
1000Base-T Ports
The 1000Base-T auto-negotiating, auto-crossover Ethernet ports support 100/1000 Mbps Gigabit Ethernet so the speed can be 100 Mbps or 1000 Mbps. The duplex mode is full at 1000 Mbps and half or full at 100 Mbps. An auto-negotiating port can detect and adjust to the optimum Ethernet speed (100/1000 Mbps) and duplex mode (full duplex or half duplex) of the connected device. An auto-crossover (auto-MDI/MDI-X) port automatically works with a straight-through or crossover Ethernet cable. The factory default negotiation settings for the Ethernet ports on the ZyWALL are speed: auto, duplex: auto, and flow control: on (you cannot configure the flow control setting, but the ZyWALL can negotiate with the peer and turn it off if needed).
Mini-GBIC Slots
These are slots for Small Form-Factor Pluggable (SFP) transceivers (not included). A transceiver is a single unit that houses a transmitter and a receiver. Use a transceiver to connect a fiber-optic cable to the ZyWALL. Use transceivers that comply with the Small Form-Factor Pluggable (SFP) Transceiver MultiSource Agreement (MSA). See the SFF committee’s INF-8074i specification Rev 1.0 for details. You can change transceivers while the ZyWALL is operating. You can use different transceivers to connect to devices with different types of fiber-optic connectors.
• Type: SFP connection interface
• Connection speed: 1 Gigabit per second (Gbps)
To avoid possible eye injury, do not look into an operating fiber-optic module’s connectors or fiber-optic cable.
Transceiver and Fiber-optic Cable Installation
Use the following steps to install a mini GBIC transceiver (SFP module).
1 Insert the transceiver into the slot with the exposed section of PCB board facing down.
2 Press the transceiver firmly until it clicks into place.
3 Push the end of the fiber-optic cable firmly into the transceiver until it locks into place. When the other end of the fiber-optic cable is connected, check the LEDs to verify the link status.
Fiber-optic Cable and Transceiver Removal
Use the following steps to remove a mini GBIC transceiver (SFP module).
1 Press down on the top of the fiber-optic cable where it connects to the transceiver to release it. Then pull the fiber-optic cable out.
2 Open the transceiver’s latch (latch styles vary).
3 Pull the transceiver out of the slot.
A ZyWALL USG with dual internal buses (see Table 1 on page 5) for Gigabit interfaces has one internal bus for ports P1-P7 and another for port P8. To maximize the ZyWALL’s throughput, use P8 for your connection with the most traffic.
Figure 19 Gigabit Interfaces and Internal Buses
Some ZyWALLs (see Table 1 on page 5) let you add an optional Security Extension Module (SEM) to enhance the VPN or VPN and Unified Threat Management (UTM) capabilities.
Figure 20 Security Extension Module
• The VPN module (SEM-VPN) increases the maximum VPN throughput from 100 Mbps to 500 Mbps, the maximum number of IPSec VPN tunnels from 1,000 to 2,000 and the maximum number of SSL VPN users from 250 (with a license) to 750 (with a license).
• The SEM-DUAL module provides the VPN performance enhancements and increases the maximum anti-virus and IDP traffic throughput from 100 Mbps to 400 Mbps.
The following tables describe the LEDs.
Table 8 ZyWALL USG 20 ~ USG 1000 Front Panel LEDs
| LED | COLOR | STATUS | DESCRIPTION |
| PWR | | Off | The ZyWALL is turned off. |
| | Green | On | The ZyWALL is turned on. |
| | Red | On | There is a hardware component failure. Shut down the device, wait for a few minutes and then restart the device (see Section 1.5 on page 20). If the LED turns red again, then please contact your vendor. |
| SYS | Green | Off | The ZyWALL is not ready or has failed. |
| | | On | The ZyWALL is ready and running. |
| | | Blinking | The ZyWALL is booting. |
| | Red | On | The ZyWALL had an error or has failed. |
| AUX | Green | Off | The AUX port is not connected. |
| | | Flashing | The AUX port is sending or receiving packets. |
| | | On | The AUX port is connected. |
| 1, 2 ... | Green | Off | There is no traffic on this port. |
| | | Blinking | The ZyWALL is sending or receiving packets on this port. |
| | Orange | Off | There is no connection on this port. |
| | | On | This port has a successful link. |
| USB | Green | Off | No device is connected to the ZyWALL’s USB port or the connected device is not supported by the ZyWALL. |
| | | On | A 3G USB card or USB storage device is connected to the USB port. |
| | Orange | On | Connected to a 3G network through the connected 3G USB card. |
| WLAN | Green | Off | The wireless function is disabled on the ZyWALL. |
| | | On | The wireless function is enabled on the ZyWALL. |
| P1~P5 | Green | Off | There is no traffic on this port. |
| | | Blinking | The ZyWALL is sending or receiving packets on this port. |
| | Orange | Off | There is no connection on this port. |
| | | On | This port has a successful link. |
| Card1,2 | Green | Off | There is no card in the slot. |
| | | On | There is a card in the slot. |
| | | Flashing | The card in the slot is sending or receiving traffic. |
Table 9 ZyWALL USG 2000 Front Panel LEDs
| LED | COLOR | STATUS | DESCRIPTION |
| PWR1, PWR2 | | Off | Both power modules are turned off, not receiving power, or not functioning. |
| | Green | On | The power module is operating. |
| | Red | On | The power module has malfunctioned. Turn the power module off, wait a few minutes, and turn the power module back on (see Section 1.5 on page 20). If the LED shines red again, then please contact your vendor. |
| SYS | | Off | The ZyWALL is turned off. |
| | Green | On | The ZyWALL is ready and operating normally. |
| | | Flashing | The ZyWALL is self-testing. |
| | Red | On | The ZyWALL is malfunctioning. |
| AUX | | Off | The AUX port is not connected. |
| | Orange | On | The AUX port has a dial-in management connection. |
| | | Flashing | The AUX port is sending or receiving packets for the dial-in management connection. |
| | Green | On | The AUX port has a dial backup connection. |
| | | Flashing | The AUX port is sending or receiving packets for the dial backup connection. |
| CARD | Green | Off | Reserved for future use. There is no card in the CARD SLOT. |
| | | On | There is a card in the CARD SLOT. |
| HDD | | | This LED is reserved for future use. |
| P1~P8 | Green | Off | There is no traffic on this port. |
| | | Flashing | The ZyWALL is sending or receiving packets on this port. |
| | Orange | Off | There is no connection on this port. |
| | | On | This port has a successful link. |
| LNK | Orange | Off | The Ethernet link is down. |
| | | On | The Ethernet link is up. |
| ACT | Green | Off | The system is not transmitting/receiving Ethernet traffic. |
| | | Blinking | The system is transmitting/receiving Ethernet traffic. |
Chapter 2 How to Set Up Your Network
Here are examples of using the Web Configurator to set up your network in the ZyWALL.
Note: The tutorials featured here require a basic understanding of connecting to and using the Web Configurator; see Section 1.4 on page 10 for details. For field descriptions of individual screens, see the Web Configurator Online Help.
• Wizard Overview
• How to Configure Interfaces, Port Roles, and Zones
• How to Configure a Cellular Interface
• How to Set Up a Wireless LAN
• How to Configure Ethernet, PPP, VLAN, Bridge and Policy Routing
• How to Set Up IPv6 Interfaces For Pure IPv6 Routing
• How to Set Up an IPv6 6to4 Tunnel
• How to Set Up an IPv6-in-IPv4 Tunnel
Use the wizards to quickly configure Internet connection and VPN settings as well as activate subscription services.
| WIZARD | DESCRIPTION |
| Installation Setup Wizard | Use this wizard the first time you log into the Web Configurator to configure WAN connections and register your ZyWALL. |
| Quick Setup | You can find the following wizards in the CONFIGURATION navigation panel. |
| WAN Interface | Use these wizard screens to quickly configure a WAN interface’s encapsulation and IP address settings. |
| VPN Setup | Use these wizard screens to quickly configure an IPSec VPN or IPSec VPN configuration provisioning. |
After you complete a wizard, you can go to the CONFIGURATION screens to configure advanced settings.
This tutorial shows how to configure Ethernet interfaces, port roles, and zones for the following example configuration.
• The wan1 interface uses a static IP address of 1.2.3.4.
• Add P5 (lan2) to the DMZ interface (Note: In USG 20/20W, use P4 (lan2) instead of P5 in this example). The DMZ interface is used for a protected local network. It uses IP address 192.168.3.1 and serves as a DHCP server by default.
• You want to be able to apply specific security settings for the VPN tunnel created by the Quick Setup - VPN Setup wizard (named WIZ_VPN). So you create a new zone and add WIZ_VPN to it.
Figure 21 Ethernet Interface, Port Roles, and Zone Configuration Example
You need to assign the ZyWALL’s wan1 interface a static IP address of 1.2.3.4.
Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface’s entry in the Configuration section. Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK.