ZyWALL USG 300
Unified Security Gateway
Default Login Details
LAN Port P1
IP Address https://192.168.1.1
User Name admin
Password 1234
www.zyxel.com
Firmware Version 2.20
Edition 2, 9/2010
Copyright © 2010
ZyXEL Communications Corporation
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL
using the Web Configurator.
How To Use This Guide
• Read Chapter 1 on page 33 for an overview of features available on the
ZyWALL.
• Read Chapter 3 on page 47 for web browser requirements and an introduction
to the main components, icons and menus in the ZyWALL Web Configurator.
• Read Chapter 4 on page 65 if you’re using the installation wizard for first-time
setup and you want more detailed information than what the real-time online
help provides.
• Read Chapter 5 on page 75 if you’re using the quick setup wizards and you want
more detailed information than what the real-time online help provides.
• It is highly recommended you read Chapter 6 on page 93 for detailed
information on essential terms used in the ZyWALL, what prerequisites are
needed to configure a feature and how to use that feature.
• It is highly recommended you read Chapter 7 on page 117 for ZyWALL
application examples.
• Subsequent chapters are arranged by menu item as defined in the Web
Configurator. Read each chapter carefully for detailed information on that menu
item.
• To find specific information in this guide, use the Contents Overview, the
Table of Contents, the Index, or search the PDF file. E-mail
techwriters@zyxel.com.tw if you cannot find the information you require.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to show you how to make the ZyWALL
hardware connections and access the Web Configurator wizards. (See the
wizard real time help for information on configuring each screen.) It also
contains a connection diagram and package contents list.
• CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI)
to configure the ZyWALL.
Note: It is recommended you use the Web Configurator to configure the ZyWALL.
• Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and
supplementary information.
Documentation Feedback
Send your comments, questions or suggestions to: techwriters@zyxel.com.tw
Thank you!
The Technical Writing Team, ZyXEL Communications Corp.,
6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan.
Need More Help?
More help is available at www.zyxel.com.
• Download Library
Search for the latest product updates and documentation from this link. Read
the Tech Doc Overview to find out how to efficiently use the User Guide, Quick
Start Guide and Command Line Interface Reference Guide in order to better
understand how to use your product.
• Knowledge Base
If you have a specific question about your product, the answer may be here.
This is a collection of answers to previously asked questions about ZyXEL
products.
• Forum
This contains discussions on ZyXEL products. Learn from others who use ZyXEL
products and share your experiences as well.
Customer Support
Should problems arise that cannot be solved by the methods listed above, you
should contact your vendor. If you cannot contact your vendor, then contact a
ZyXEL office for the region in which you bought the device.
See http://www.zyxel.com/web/contact_us.php for contact information. Please
have the following information ready when you contact an office.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Disclaimer
Graphics in this book may differ slightly from the product due to differences in
operating systems, operating system versions, or if you installed updated
firmware/software for your device. Every effort has been made to ensure that the
information in this manual is accurate.
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL may be referred to as the “ZyWALL”, the “device”, the “system” or
the “product” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example,
[ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the
[ENTER] key. “Select” or “choose” means for you to use one of the predefined
choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For
example, Maintenance > Log > Log Setting means you first click
Maintenance in the navigation panel, then the Log sub menu and finally the
Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value.
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may
denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other
words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon
is not an exact representation of your device.
[Figure: icons for ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router]
Safety Warnings
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right
supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power
source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN
INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Dispose them at the applicable collection point for the recycling of electrical and
electronic equipment. For detailed information about recycling of this product, please
contact your local city office, your household waste disposal service or the store where
you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
Your product is marked with this symbol, which is known as the WEEE mark. WEEE
stands for Waste Electronics and Electrical Equipment. It means that used electrical
and electronic products should not be mixed with general waste. Used electrical and
electronic equipment should be treated separately.
Contents Overview
User’s Guide
Introducing the ZyWALL
Features and Applications
Web Configurator
Installation Setup Wizard
Quick Setup
Configuration Basics
Tutorials
L2TP VPN Example
Technical Reference
Dashboard
Monitor
Registration
Signature Update
Interfaces
Trunks
Policy and Static Routes
Routing Protocols
Zones
DDNS
NAT
HTTP Redirect
ALG
IP/MAC Binding
Authentication Policy
Firewall
IPSec VPN
SSL VPN
SSL User Screens
SSL User Application Screens
SSL User File Sharing
ZyWALL SecuExtender
L2TP VPN
Application Patrol
Anti-Virus
IDP
ADP
Content Filtering
Content Filter Reports
Anti-Spam
Device HA
User/Group
Addresses
Services
Schedules
AAA Server
Authentication Method
Certificates
ISP Accounts
SSL Application
Endpoint Security
System
Log and Report
File Manager
Diagnostics
Reboot
Shutdown
Troubleshooting
Product Specifications
Table of Contents
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
Part I: User’s Guide
Chapter 1
Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Rack-mounted Installation
1.2.1 Rack-Mounted Installation Procedure
1.3 Front Panel
1.3.1 Front Panel LEDs
1.4 Management Overview
1.5 Starting and Stopping the ZyWALL
Chapter 2
Features and Applications
2.1 Features
2.2 Applications
2.2.1 VPN Connectivity
2.2.2 SSL VPN Network Access
2.2.3 User-Aware Access Control
2.2.4 Multiple WAN Interfaces
2.2.5 Device HA
Chapter 3
Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Screens Overview
3.3.1 Title Bar
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Tables and Lists
Chapter 4
Installation Setup Wizard
4.1 Installation Setup Wizard Screens
4.1.1 Internet Access Setup - WAN Interface
4.1.2 Internet Access: Ethernet
4.1.3 Internet Access: PPPoE
4.1.4 Internet Access: PPTP
4.1.5 ISP Parameters
4.1.6 Internet Access Setup - Second WAN Interface
4.1.7 Internet Access - Finish
4.2 Device Registration
Chapter 5
Quick Setup
5.1 Quick Setup Overview
5.2 WAN Interface Quick Setup
5.2.1 Choose an Ethernet Interface
5.2.2 Select WAN Type
5.2.3 Configure WAN Settings
5.2.4 WAN and ISP Connection Settings
5.2.5 Quick Setup Interface Wizard: Summary
5.3 VPN Quick Setup
5.4 VPN Setup Wizard: Wizard Type
5.5 VPN Express Wizard - Scenario
5.5.1 VPN Express Wizard - Configuration
5.5.2 VPN Express Wizard - Summary
5.5.3 VPN Express Wizard - Finish
5.5.4 VPN Advanced Wizard - Scenario
5.5.5 VPN Advanced Wizard - Phase 1 Settings
5.5.6 VPN Advanced Wizard - Phase 2
5.5.7 VPN Advanced Wizard - Summary
5.5.8 VPN Advanced Wizard - Finish
Chapter 6
Configuration Basics
6.1 Object-based Configuration
6.2 Zones, Interfaces, and Physical Ports
6.2.1 Interface Types
6.2.2 Default Interface and Zone Configuration
6.3 Terminology in the ZyWALL
6.4 Packet Flow
6.4.1 ZLD 2.20 Packet Flow Enhancements
6.4.2 Routing Table Checking Flow Enhancements
6.4.3 NAT Table Checking Flow
6.5 Feature Configuration Overview
6.5.1 Feature
6.5.2 Licensing Registration
6.5.3 Licensing Update
6.5.4 Interface
6.5.5 Trunks
6.5.6 Policy Routes
6.5.7 Static Routes
6.5.8 Zones
6.5.9 DDNS
6.5.10 NAT
6.5.11 HTTP Redirect
6.5.12 ALG
6.5.13 Auth. Policy
6.5.14 Firewall
6.5.15 IPSec VPN
6.5.16 SSL VPN
6.5.17 L2TP VPN
6.5.18 Application Patrol
6.5.19 Anti-Virus
6.5.20 IDP
6.5.21 ADP
6.5.22 Content Filter
6.5.23 Anti-Spam
6.5.24 Device HA
6.6 Objects
6.6.1 User/Group
6.7 System
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM
6.7.2 Logs and Reports
6.7.3 File Manager
6.7.4 Diagnostics
6.7.5 Shutdown
Chapter 7
Tutorials
7.1 How to Configure Interfaces, Port Grouping, and Zones
7.1.1 Configure a WAN Ethernet Interface
7.1.2 Configure Zones ........................... .... ... ... ... .............................................. ... ... ... ... .... ..118
7.1.3 Configure Port Grouping ...........................................................................................119
7.2 How to Configure a Cellular Interface . ... .... ... ... ... .... ... ... ... .... .............................................. 120
7.3 How to Configure Load Balancing ..................................................................................... 122
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces ................................................ 123
7.3.2 Configure the WAN Trunk ........................................................................................ 124
7.4 How to Set Up a Wireless LAN .......................................................................................... 125
7.4.1 Set Up User Accounts .............................................................................................. 125
7.4.2 Create the WLAN Interface ....................................................................................... 126
7.4.3 Set Up the Wireless Clients to Use the WLAN Interface .......................................... 129
7.5 How to Set Up an IPSec VPN Tunnel ................................................................................ 141
7.5.1 Set Up the VPN Gateway ......................................................................................... 142
7.5.2 Set Up the VPN Connection ..................................................................................... 142
7.5.3 Configure Security Policies for the VPN Tunnel ............................................................ 144
7.6 How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator ................. 144
7.7 How to Configure User-aware Access Control .................................................................. 146
7.7.1 Set Up User Accounts .............................................................................................. 147
7.7.2 Set Up User Groups ................................................................................................. 148
7.7.3 Set Up User Authentication Using the RADIUS Server ..................................................... 148
7.7.4 Web Surfing Policies With Bandwidth Restrictions .................................................. 150
7.7.5 Set Up MSN Policies ................................................................................................ 153
7.7.6 Set Up Firewall Rules ............................................................................................... 154
7.8 How to Use a RADIUS Server to Authenticate User Accounts based on Groups ............. 155
7.9 How to Use Endpoint Security and Authentication Policies ............................................... 157
7.9.1 Configure the Endpoint Security Objects .................................................................157
7.9.2 Configure the Authentication Policy ......................................................................... 159
7.10 How to Configure Service Control ................................................................................... 160
7.10.1 Allow HTTPS Administrator Access Only From the LAN ....................................... 161
7.11 How to Allow Incoming H.323 Peer-to-peer Calls ............................................................ 163
7.11.1 Turn On the ALG .................................................................................................... 164
7.11.2 Set Up a NAT Policy For H.323 .............................................................................. 164
7.11.3 Set Up a Firewall Rule For H.323 ........................................................................... 166
7.12 How to Allow Public Access to a Web Server ................................................................... 167
7.12.1 Create the Address Objects ...................................................................................168
7.12.2 Configure NAT ........................................................................................................ 168
7.12.3 Set Up a Firewall Rule ........................................................................................... 169
7.13 How to Use an IPPBX on the DMZ ................................................................................ 170
7.13.1 Turn On the ALG .................................................................................................... 172
7.13.2 Create the Address Objects ...................................................................................172
7.13.3 Setup a NAT Policy for the IPPBX ......................................................................... 173
7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP .........................................................174
7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP ........................................................... 175
7.14 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic ............... 176
7.14.1 Create the Public IP Address Range Object ................................................................ 176
7.14.2 Configure the Policy Route .................................................................................... 177
7.15 How to Use Active-Passive Device HA ........................................................................... 177
7.15.1 Before You Start ..................................................................................................... 178
7.15.2 Configure Device HA on the Master ZyWALL ........................................................179
7.15.3 Configure the Backup ZyWALL .............................................................................. 181
7.15.4 Deploy the Backup ZyWALL .................................................................................. 183
7.15.5 Check Your Device HA Setup ................................................................................ 183
Chapter 8
L2TP VPN Example...............................................................................................................185
8.1 L2TP VPN Example ...........................................................................................................185
8.2 Configuring the Default L2TP VPN Gateway Example ...................................................... 185
8.3 Configuring the Default L2TP VPN Connection Example .................................................. 187
8.4 Configuring the L2TP VPN Settings Example ...................................................................188
8.5 Configuring L2TP VPN in Windows Vista, XP, or 2000 ..................................................... 189
8.5.1 Configuring L2TP in Windows Vista ......................................................................... 189
8.5.2 Configuring L2TP in Windows XP ............................................................................ 199
8.5.3 Configuring L2TP in Windows 2000 ......................................................................... 205
Part II: Technical Reference................................................................ 223
Chapter 9
Dashboard............................................................................................................................225
9.1 Overview ............................................................................................................. 225
9.1.1 What You Can Do in this Chapter ............................................................................ 225
9.2 The Dashboard Screen ..................................................................................................... 225
9.2.1 The CPU Usage Screen ........................................................................................... 232
9.2.2 The Memory Usage Screen ...................................................................................... 233
9.2.3 The Session Usage Screen ..................................................................................... 234
9.2.4 The VPN Status Screen ......................................................................................... 235
9.2.5 The DHCP Table Screen ..........................................................................................235
9.2.6 The Number of Login Users Screen ........................................................................... 236
Chapter 10
Monitor..................................................................................................................................239
10.1 Overview .......................................................................................................................... 239
10.1.1 What You Can Do in this Chapter .......................................................................... 239
10.2 The Port Statistics Screen .............................................................................................. 240
10.2.1 The Port Statistics Graph Screen .......................................................................... 242
10.3 Interface Status Screen ...................................................................................................243
10.4 The Traffic Statistics Screen ............................................................................................ 247
10.5 The Session Monitor Screen .......................................................................................... 250
10.6 The DDNS Status Screen ................................................................................................252
10.7 IP/MAC Binding Monitor .................................................................................................. 253
10.8 The Login Users Screen ........................................................................................... 254
10.9 WLAN Interface Station Monitor Screen .......................................................................... 255
10.10 Cellular Status Screen ...................................................................................................256
10.11 USB Storage Screen ..................................................................................................... 258
10.12 Application Patrol Statistics ........................................................................................... 259
10.12.1 Application Patrol Statistics: General Setup ......................................................... 259
10.12.2 Application Patrol Statistics: Bandwidth Statistics ................................................ 260
10.12.3 Application Patrol Statistics: Protocol Statistics ................................................... 261
10.12.4 Application Patrol Statistics: Individual Protocol Statistics by Rule .....................262
10.13 The IPSec Monitor Screen ........................................................................................... 263
10.13.1 Regular Expressions in Searching IPSec SAs ..................................................... 265
10.14 The SSL Connection Monitor Screen ............................................................................ 266
10.15 L2TP over IPSec Session Monitor Screen .................................................................... 267
10.16 The Anti-Virus Statistics Screen .................................................................................... 268
10.17 The IDP Statistics Screen .............................................................................................. 270
10.18 The Content Filter Statistics Screen ..............................................................................272
10.19 Content Filter Cache Screen ......................................................................................... 273
10.20 The Anti-Spam Statistics Screen ................................................................................... 276
10.21 The Anti-Spam Status Screen ....................................................................................... 278
10.22 Log Screen .................................................................................................................... 279
Chapter 11
Registration...........................................................................................................................283
11.1 Overview .......................................................................................................................... 283
11.1.1 What You Can Do in this Chapter .......................................................................... 283
11.1.2 What you Need to Know .........................................................................................283
11.2 The Registration Screen .................................................................................................. 285
11.3 The Service Screen ......................................................................................................... 287
Chapter 12
Signature Update..................................................................................................................289
12.1 Overview .......................................................................................................................... 289
12.1.1 What You Can Do in this Chapter .......................................................................... 289
12.1.2 What you Need to Know ........................................................................................ 289
12.2 The Antivirus Update Screen ........................................................................................... 290
12.3 The IDP/AppPatrol Update Screen .................................................................................. 291
12.4 The System Protect Update Screen ............................................................................... 293
Chapter 13
Interfaces...............................................................................................................................295
13.1 Interface Overview ........................................................................................................... 295
13.1.1 What You Can Do in this Chapter .......................................................................... 295
13.1.2 What You Need to Know ........................................................................................ 296
13.2 Port Grouping ................................................................................................................. 299
13.2.1 Port Grouping Overview ...................................................................................... 299
13.2.2 Port Grouping Screen ............................................................................................ 299
13.3 Ethernet Summary Screen .............................................................................................. 300
13.3.1 Ethernet Edit .........................................................................................................302
13.3.2 Object References ................................................................................................. 309
13.4 PPP Interfaces ................................................................................................................ 310
13.4.1 PPP Interface Summary ..........................................................................................311
13.4.2 PPP Interface Add or Edit ..................................................................................... 313
13.5 Cellular Configuration Screen (3G) ................................................................................. 317
13.5.1 Cellular Add/Edit Screen ..................................................................................... 319
13.6 WLAN Interface General Screen ..................................................................................... 326
13.6.1 WLAN Add/Edit Screen ......................................................................................... 329
13.6.2 WLAN Add/Edit: WEP Security ............................................................................... 335
13.6.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security ...................................................336
13.6.4 WLAN Add/Edit: WPA/WPA2 Security ................................................................... 337
13.7 WLAN Interface MAC Filter ............................................................................................ 339
13.8 VLAN Interfaces ............................................................................................................. 341
13.8.1 VLAN Summary Screen ......................................................................................... 343
13.8.2 VLAN Add/Edit ...................................................................................................... 344
13.9 Bridge Interfaces ............................................................................................................ 351
13.9.1 Bridge Summary ....................................................................................................353
13.9.2 Bridge Add/Edit .....................................................................................................354
13.10 Auxiliary Interface ......................................................................................................... 360
13.10.1 Auxiliary Interface Overview ................................................................................. 360
13.10.2 Auxiliary ................................................................................................................ 360
13.11 Virtual Interfaces ................................................................................................ 362
13.11.1 Virtual Interfaces Add/Edit .................................................................................. 363
13.12 Interface Technical Reference ....................................................................................... 364
Chapter 14
Trunks...................................................................................................................................369
14.1 Overview .......................................................................................................................... 369
14.1.1 What You Can Do in this Chapter .......................................................................... 369
14.1.2 What You Need to Know ........................................................................................ 370
14.2 The Trunk Summary Screen ...................................................................................... 374
14.3 Configuring a Trunk ........................................................................................................ 375
14.4 Trunk Technical Reference ..............................................................................................377
Chapter 15
Policy and Static Routes......................................................................................................379
15.1 Policy and Static Routes Overview .................................................................................. 379
15.1.1 What You Can Do in this Chapter .......................................................................... 379
15.1.2 What You Need to Know ....................................................................................... 380
15.2 Policy Route Screen ........................................................................................................ 382
15.2.1 Policy Route Edit Screen ....................................................................................... 385
15.3 IP Static Route Screen ....................................................................................................389
15.3.1 Static Route Add/Edit Screen ................................................................................. 390
15.4 Policy Routing Technical Reference ................................................................................ 391
Chapter 16
Routing Protocols .................................................................................................................395
16.1 Routing Protocols Overview ............................................................................................ 395
16.1.1 What You Can Do in this Chapter .......................................................................... 395
16.1.2 What You Need to Know ........................................................................................ 395
16.2 The RIP Screen ...................................................................................................... 396
16.3 The OSPF Screen ................................................................................................... 397
16.3.1 Configuring the OSPF Screen ............................................................................... 401
16.3.2 OSPF Area Add/Edit Screen .................................................................................404
16.3.3 Virtual Link Add/Edit Screen ................................................................................. 405
16.4 Routing Protocol Technical Reference ............................................................................ 406
Chapter 17
Zones .....................................................................................................................................409
17.1 Zones Overview ............................................................................................................... 409
17.1.1 What You Can Do in this Chapter .......................................................................... 409
17.1.2 What You Need to Know ........................................................................................ 410
17.2 The Zone Screen .................................................................................................... 411
17.3 Zone Edit ........................................................................................................................ 412
Chapter 18
DDNS......................................................................................................................................413
18.1 DDNS Overview .............................................................................................................. 413
18.1.1 What You Can Do in this Chapter .......................................................................... 413
18.1.2 What You Need to Know ........................................................................................ 413
18.2 The DDNS Screen ...........................................................................................................414
18.2.1 The Dynamic DNS Add/Edit Screen ...................................................................... 416
Chapter 19
NAT.........................................................................................................................................419
19.1 NAT Overview .................................................................................................................. 419
19.1.1 What You Can Do in this Chapter .......................................................................... 419
19.1.2 What You Need to Know ........................................................................................ 420
19.2 The NAT Screen ..................................................................................................... 420
19.2.1 The NAT Add/Edit Screen ..................................................................................... 422
19.3 NAT Technical Reference ................................................................................................ 425
Chapter 20
HTTP Redirect......................................................................................................................429
20.1 Overview .......................................................................................................................... 429
20.1.1 What You Can Do in this Chapter .......................................................................... 429
20.1.2 What You Need to Know ........................................................................................ 430
20.2 The HTTP Redirect Screen ............................................................................................. 431
20.2.1 The HTTP Redirect Edit Screen ............................................................................. 432
Chapter 21
ALG ........................................................................................................................................435
21.1 ALG Overview ................................................................................................................. 435
21.1.1 What You Can Do in this Chapter .......................................................................... 435
21.1.2 What You Need to Know ........................................................................................ 436
21.1.3 Before You Begin ................................................................................................... 439
21.2 The ALG Screen ..............................................................................................................439
21.3 ALG Technical Reference ................................................................................................ 441
Chapter 22
IP/MAC Binding....................................................................................................................443
22.1 IP/MAC Binding Overview ............................................................................................... 443
22.1.1 What You Can Do in this Chapter .......................................................................... 443
22.1.2 What You Need to Know ........................................................................................ 444
22.2 IP/MAC Binding Summary ............................................................................................... 444
22.2.1 IP/MAC Binding Edit ............................................................................................... 445
22.2.2 Static DHCP Edit .................................................................................................... 446
22.3 IP/MAC Binding Exempt List ........................................................................................... 447
Chapter 23
Authentication Policy...........................................................................................................449
23.1 Overview .......................................................................................................................... 449
23.1.1 What You Can Do in this Chapter .......................................................................... 449
23.1.2 What You Need to Know ........................................................................................ 450
23.2 Authentication Policy Screen ........................................................................................... 450
23.2.1 Adding Exceptional Services .................................................................................. 452
23.2.2 Creating/Editing an Authentication Policy .............................................................. 453
Chapter 24
Firewall...................................................................................................................................457
24.1 Overview .......................................................................................................................... 457
24.1.1 What You Can Do in this Chapter .......................................................................... 457
24.1.2 What You Need to Know ........................................................................................ 458
24.1.3 Firewall Rule Example Applications ....................................................................... 460
24.1.4 Firewall Rule Configuration Example ..................................................................... 463
24.2 The Firewall Screen ................................................................................................ 465
24.2.1 Configuring the Firewall Screen ............................................................................. 466
24.2.2 The Firewall Add/Edit Screen ................................................................................. 469
24.3 The Session Limit Screen ................................................................................................ 470
24.3.1 The Session Limit Add/Edit Screen ........................................................................ 472
Chapter 25
IPSec VPN..............................................................................................................................475
25.1 IPSec VPN Overview .......................................................................................................475
25.1.1 What You Can Do in this Chapter .......................................................................... 475
25.1.2 What You Need to Know ........................................................................................ 476
25.1.3 Before You Begin ................................................................................................... 478
25.2 The VPN Connection Screen .......................................................................................... 478
25.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 480
25.2.2 The VPN Connection Add/Edit Manual Key Screen .............................................. 487
25.3 The VPN Gateway Screen .............................................................................................. 490
25.3.1 The VPN Gateway Add/Edit Screen ...................................................................... 491
25.4 VPN Concentrator ..........................................................................................................499
25.4.1 IPSec VPN Concentrator Example ........................................................................ 499
25.4.2 VPN Concentrator Screen ...................................................................................... 502
25.4.3 The VPN Concentrator Add/Edit Screen .................................................................. 502
25.5 IPSec VPN Background Information ............................................................................... 503
Chapter 26
SSL VPN.................................................................................................................................517
26.1 Overview .......................................................................................................................... 517
26.1.1 What You Can Do in this Chapter .......................................................................... 517
26.1.2 What You Need to Know ........................................................................................ 517
26.2 The SSL Access Privilege Screen ................................................................................... 520
26.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 522
26.3 The SSL Global Setting Screen .................................................................................. 524
26.3.1 How to Upload a Custom Logo .............................................................................. 526
26.4 Establishing an SSL VPN Connection ............................................................................. 527
Chapter 27
SSL User Screens.................................................................................................................531
27.1 Overview .......................................................................................................................... 531
27.1.1 What You Need to Know ........................................................................................ 531
27.2 Remote User Login ..........................................................................................................532
27.3 The SSL VPN User Screens ...................................................................... 537
27.4 Bookmarking the ZyWALL ............................................................................................... 538
27.5 Logging Out of the SSL VPN User Screens .................................................................... 538
Chapter 28
SSL User Application Screens ............................................................................................541
28.1 SSL User Application Screens Overview ........................................................................ 541
28.2 The Application Screen ...................................................................................................541
Chapter 29
SSL User File Sharing ..........................................................................................................543
29.1 Overview .......................................................................................................................... 543
29.1.1 What You Need to Know ........................................................................................ 543
29.2 The Main File Sharing Screen ......................................................................................... 544
29.3 Opening a File or Folder ...................................................................... 544
29.3.1 Downloading a File ...................................................................... 546
29.3.2 Saving a File ..........................................................................................................547
29.4 Creating a New Folder ...................................................................... 547
29.5 Renaming a File or Folder ............................................................................................... 548
29.6 Deleting a File or Folder ..................................................................................................548
29.7 Uploading a File ...................................................................... 549
Chapter 30
ZyWALL SecuExtender.........................................................................................................551
30.1 The ZyWALL SecuExtender Icon .................................................................................... 551
30.2 Statistics .......................................................................................................................... 552
30.3 View Log ..........................................................................................................................553
30.4 Suspend and Resume the Connection ...................................................................... 553
30.5 Stop the Connection ........................................................................................................ 554
30.6 Uninstalling the ZyWALL SecuExtender .......................................................................... 554
Chapter 31
L2TP VPN...............................................................................................................................555
31.1 Overview .......................................................................................................................... 555
31.1.1 What You Can Do in this Chapter .......................................................................... 555
31.1.2 What You Need to Know ........................................................................................ 555
31.2 L2TP VPN Screen ...................................................................... 557
Chapter 32
Application Patrol.................................................................................................................559
32.1 Overview .......................................................................................................................... 559
32.1.1 What You Can Do in this Chapter .......................................................................... 559
32.1.2 What You Need to Know ....................................................................................... 560
32.1.3 Application Patrol Bandwidth Management Examples ........................................... 565
32.2 Application Patrol General Screen ..................................................................................569
32.3 Application Patrol Applications ........................................................................................ 570
32.3.1 The Application Patrol Edit Screen ........................................................................ 571
32.3.2 The Application Patrol Policy Edit Screen ............................................................. 575
32.4 The Other Applications Screen ........................................................................................ 578
32.4.1 The Other Applications Add/Edit Screen ................................................................ 581
Chapter 33
Anti-Virus...............................................................................................................................585
33.1 Overview .......................................................................................................................... 585
33.1.1 What You Can Do in this Chapter .......................................................................... 585
33.1.2 What You Need to Know ........................................................................................ 586
33.1.3 Before You Begin ................................................................................................... 588
33.2 Anti-Virus Summary Screen ...................................................................... 588
33.2.1 Anti-Virus Policy Add or Edit Screen ......................................................................591
33.3 Anti-Virus Black List .........................................................................................................593
33.4 Anti-Virus Black List or White List Add/Edit ..................................................................... 594
33.5 Anti-Virus White List ...................................................................... 595
33.6 Signature Searching ........................................................................................................ 596
33.7 Anti-Virus Technical Reference ........................................................................................ 599
Chapter 34
IDP.........................................................................................................................................601
34.1 Overview .......................................................................................................................... 601
34.1.1 What You Can Do in this Chapter .......................................................................... 601
34.1.2 What You Need To Know ....................................................................................... 601
34.1.3 Before You Begin ................................................................................................... 602
34.2 The IDP General Screen .................................................................................................603
34.3 Introducing IDP Profiles ................................................................................................. 605
34.3.1 Base Profiles ..........................................................................................................606
34.4 The Profile Summary Screen .......................................................................................... 607
34.5 Creating New Profiles ...................................................................................................... 608
34.5.1 Procedure To Create a New Profile ........................................................................ 608
34.6 Profiles: Packet Inspection ............................................................................................. 609
34.6.1 Profile > Group View Screen .................................................................................. 609
34.6.2 Policy Types ........................................................................................................... 612
34.6.3 IDP Service Groups ...............................................................................................613
34.6.4 Profile > Query View Screen .................................................................................. 614
34.6.5 Query Example ...................................................................................................... 617
34.7 Introducing IDP Custom Signatures ............................................................................... 619
34.7.1 IP Packet Header ...................................................................................................619
34.8 Configuring Custom Signatures ...................................................................... 620
34.8.1 Creating or Editing a Custom Signature ................................................................622
34.8.2 Custom Signature Example ...................................................................... 628
34.8.3 Applying Custom Signatures .................................................................................. 630
34.8.4 Verifying Custom Signatures .................................................................................. 631
34.9 IDP Technical Reference ................................................................................................. 632
Chapter 35
ADP .......................................................................................................................................637
35.1 Overview .......................................................................................................................... 637
35.1.1 ADP and IDP Comparison ..................................................................................... 637
35.1.2 What You Can Do in this Chapter ......................................................................... 637
35.1.3 What You Need To Know ....................................................................................... 637
35.1.4 Before You Begin ................................................................................................... 638
35.2 The ADP General Screen ...................................................................... 639
35.3 The Profile Summary Screen .......................................................................................... 640
35.3.1 Base Profiles ..........................................................................................................641
35.3.2 Configuring The ADP Profile Summary Screen ..................................................... 641
35.3.3 Creating New ADP Profiles ...................................................................... 642
35.3.4 Traffic Anomaly Profiles ........................................................................................ 642
35.3.5 Protocol Anomaly Profiles ...................................................................... 645
35.3.6 Protocol Anomaly Configuration ............................................................................. 645
35.4 ADP Technical Reference ................................................................................................ 649
Chapter 36
Content Filtering..................................................................................................................659
36.1 Overview .......................................................................................................................... 659
36.1.1 What You Can Do in this Chapter .......................................................................... 659
36.1.2 What You Need to Know ........................................................................................ 659
36.1.3 Before You Begin ................................................................................................... 661
36.2 Content Filter General Screen ...................................................................... 661
36.3 Content Filter Policy Add or Edit Screen ......................................................................... 664
36.4 Content Filter Profile Screen ..........................................................................................666
36.5 Content Filter Categories Screen ................................................................................... 666
36.5.1 Content Filter Blocked and Warning Messages ..................................................... 678
36.6 Content Filter Customization Screen .............................................................................. 679
36.7 Content Filter Technical Reference ................................................................................. 681
Chapter 37
Content Filter Reports..........................................................................................................683
37.1 Overview .......................................................................................................................... 683
37.2 Viewing Content Filter Reports ...................................................................... 683
Chapter 38
Anti-Spam..............................................................................................................................691
38.1 Overview .......................................................................................................................... 691
38.1.1 What You Can Do in this Chapter .......................................................................... 691
38.1.2 What You Need to Know ........................................................................................ 691
38.2 Before You Begin ............................................................................................................. 693
38.3 The Anti-Spam General Screen ....................................................................................... 693
38.3.1 The Anti-Spam Policy Add or Edit Screen ...................................................................... 695
38.4 The Anti-Spam Black List Screen .................................................................................... 697
38.4.1 The Anti-Spam Black or White List Add/Edit Screen ...................................................................... 699
38.4.2 Regular Expressions in Black or White List Entries ............................................... 700
38.5 The Anti-Spam White List Screen ....................................................................................701
38.6 The DNSBL Screen ......................................................................................................... 702
38.7 Anti-Spam Technical Reference ...................................................................................... 704
Chapter 39
Device HA..............................................................................................................................709
39.1 Overview .......................................................................................................................... 709
39.1.1 What You Can Do in this Chapter .......................................................................... 709
39.1.2 What You Need to Know ........................................................................................ 709
39.1.3 Before You Begin ................................................................................................... 710
39.2 Device HA General ...........................................................................................................711
39.3 The Active-Passive Mode Screen ................................................................................... 712
39.3.1 Configuring Active-Passive Mode Device HA ........................................................ 714
39.4 Configuring an Active-Passive Mode Monitored Interface ............................................... 717
39.5 The Legacy Mode Screen ............................................................................................... 719
39.6 Configuring the Legacy Mode Screen ...................................................................... 720
39.7 Device HA Technical Reference ...................................................................................... 724
Chapter 40
User/Group............................................................................................................................731
40.1 Overview .......................................................................................................................... 731
40.1.1 What You Can Do in this Chapter .......................................................................... 731
40.1.2 What You Need To Know ....................................................................................... 731
40.2 User Summary Screen .................................................................................................... 734
40.2.1 User Add/Edit Screen ...................................................................... 734
40.3 User Group Summary Screen ......................................................................................... 737
40.3.1 Group Add/Edit Screen .......................................................................................... 738
40.4 Setting Screen ................................................................................................................ 739
40.4.1 Default User Authentication Timeout Settings Edit Screens .................................. 742
40.4.2 User Aware Login Example ...................................................................... 744
40.5 User/Group Technical Reference ...................................................................... 745
Chapter 41
Addresses.............................................................................................................................747
41.1 Overview .......................................................................................................................... 747
41.1.1 What You Can Do in this Chapter .......................................................................... 747
41.1.2 What You Need To Know ....................................................................................... 747
41.2 Address Summary Screen ...................................................................... 747
41.2.1 Address Add/Edit Screen ....................................................................................... 749
41.3 Address Group Summary Screen ...................................................................... 750
41.3.1 Address Group Add/Edit Screen ............................................................................ 751
Chapter 42
Services.................................................................................................................................753
42.1 Overview .......................................................................................................................... 753
42.1.1 What You Can Do in this Chapter .......................................................................... 753
42.1.2 What You Need to Know ........................................................................................ 753
42.2 The Service Summary Screen ...................................................................... 754
42.2.1 The Service Add/Edit Screen ...................................................................... 756
42.3 The Service Group Summary Screen ...................................................................... 756
42.3.1 The Service Group Add/Edit Screen ...................................................................... 758
Chapter 43
Schedules..............................................................................................................................759
43.1 Overview .......................................................................................................................... 759
43.1.1 What You Can Do in this Chapter .......................................................................... 759
43.1.2 What You Need to Know ........................................................................................ 759
43.2 The Schedule Summary Screen ...................................................................................... 760
43.2.1 The One-Time Schedule Add/Edit Screen ............................................................. 761
43.2.2 The Recurring Schedule Add/Edit Screen ...................................................................... 762
Chapter 44
AAA Server...........................................................................................................................765
44.1 Overview .......................................................................................................................... 765
44.1.1 Directory Service (AD/LDAP) ...................................................................... 765
44.1.2 RADIUS Server ...................................................................................................... 766
44.1.3 ASAS ......................................................................................................................766
44.1.4 What You Can Do in this Chapter .......................................................................... 766
44.1.5 What You Need To Know ....................................................................................... 767
44.2 Active Directory or LDAP Server Summary ..................................................................... 769
44.2.1 Adding an Active Directory or LDAP Server ...................................................................... 769
44.3 RADIUS Server Summary ............................................................................................... 771
44.3.1 Adding a RADIUS Server ...................................................................................... 773
Chapter 45
Authentication Method.........................................................................................................775
45.1 Overview .......................................................................................................................... 775
45.1.1 What You Can Do in this Chapter .......................................................................... 775
45.1.2 Before You Begin ................................................................................................... 775
45.1.3 Example: Selecting a VPN Authentication Method ................................................ 775
45.2 Authentication Method Objects ...................................................................... 776
45.2.1 Creating an Authentication Method Object ...................................................................... 777
Chapter 46
Certificates ............................................................................................................................781
46.1 Overview .......................................................................................................................... 781
46.1.1 What You Can Do in this Chapter .......................................................................... 781
46.1.2 What You Need to Know ........................................................................................ 781
46.1.3 Verifying a Certificate ............................................................................................. 783
46.2 The My Certificates Screen ............................................................................................. 785
46.2.1 The My Certificates Add Screen ............................................................................ 786
46.2.2 The My Certificates Edit Screen ...................................................................... 791
46.2.3 The My Certificates Import Screen ........................................................................ 794
46.3 The Trusted Certificates Screen ..................................................................................... 795
46.3.1 The Trusted Certificates Edit Screen .................................................................... 796
46.3.2 The Trusted Certificates Import Screen ................................................................800
46.4 Certificates Technical Reference .....................................................................................801
Chapter 47
ISP Accounts.........................................................................................................................803
47.1 Overview .......................................................................................................................... 803
47.1.1 What You Can Do in this Chapter .......................................................................... 803
47.2 ISP Account Summary .................................................................................................... 803
47.2.1 ISP Account Edit ................................................................................................... 804
Chapter 48
SSL Application ....................................................................................................................807
48.1 Overview .......................................................................................................................... 807
48.1.1 What You Can Do in this Chapter .......................................................................... 807
48.1.2 What You Need to Know ........................................................................................ 807
48.1.3 Example: Specifying a Web Site for Access .......................................................... 808
48.2 The SSL Application Screen ...................................................................... 809
48.2.1 Creating/Editing a Web-based SSL Application Object ......................................... 810
48.2.2 Creating/Editing a File Sharing SSL Application Object ...................................................................... 812
Chapter 49
Endpoint Security.................................................................................................................815
49.1 Overview .......................................................................................................................... 815
49.1.1 What You Can Do in this Chapter .......................................................................... 816
49.1.2 What You Need to Know ........................................................................................ 816
49.2 Endpoint Security Screen ...................................................................... 817
49.3 Endpoint Security Add/Edit .............................................................................................. 819
Chapter 50
System.................................................................................................................................825
50.1 Overview .......................................................................................................................... 825
50.1.1 What You Can Do in this Chapter .......................................................................... 825
50.2 Host Name ....................................................................................................................... 826
50.3 USB Storage .................................................................................................................... 827
50.4 Date and Time ................................................................................................................ 828
50.4.1 Pre-defined NTP Time Servers List ...................................................................... 830
50.4.2 Time Server Synchronization ................................................................................. 831
50.5 Console Port Speed ......................................................................................................... 832
50.6 DNS Overview .................................................................................................................832
50.6.1 DNS Server Address Assignment ..........................................................................833
50.6.2 Configuring the DNS Screen ...................................................................... 833
50.6.3 Address Record .................................................................................................... 836
50.6.4 PTR Record ........................................................................................................... 836
50.6.5 Adding an Address/PTR Record ............................................................................836
50.6.6 Domain Zone Forwarder ...................................................................... 837
50.6.7 Adding a Domain Zone Forwarder ...................................................................... 837
50.6.8 MX Record ............................................................................................................ 838
50.6.9 Adding a MX Record ..............................................................................................839
50.6.10 Adding a DNS Service Control Rule ...................................................................... 839
50.7 WWW Overview ..............................................................................................................840
50.7.1 Service Access Limitations .................................................................................... 841
50.7.2 System Timeout .....................................................................................................841
50.7.3 HTTPS ...................................................................................................................841
50.7.4 Configuring WWW Service Control ........................................................................ 842
50.7.5 Service Control Rules ............................................................................................ 846
50.7.6 Customizing the WWW Login Page ....................................................................... 846
50.7.7 HTTPS Example ....................................................................................................850
50.8 SSH ..............................................................................................................................857
50.8.1 How SSH Works ...................................................................... 858
50.8.2 SSH Implementation on the ZyWALL ..................................................................... 859
50.8.3 Requirements for Using SSH .................................................................................859
50.8.4 Configuring SSH ....................................................................................................859
50.8.5 Secure Telnet Using SSH Examples ...................................................................... 861
50.9 Telnet .............................................................................................................................. 862
50.9.1 Configuring Telnet .................................................................................................. 863
50.10 FTP ...............................................................................................................................864
50.10.1 Configuring FTP ...................................................................................................864
50.11 SNMP ............................................................................................................ 866
50.11.1 Supported MIBs ........................................................................................... 868
50.11.2 SNMP Traps ................................................................................................ 868
50.11.3 Configuring SNMP ......................................................................................... 868
50.12 Dial-in Management ......................................................................................................870
50.12.1 Configuring Dial-in Mgmt ...................................................................................... 871
50.13 Vantage CNM ...............................................................................................................872
50.13.1 Configuring Vantage CNM ................................................................................... 873
50.14 Language Screen .........................................................................................................875
Chapter 51
Log and Report ...................................................................................................................877
51.1 Overview .......................................................................................................................... 877
51.1.1 What You Can Do In this Chapter .......................................................................... 877
51.2 Email Daily Report ..........................................................................................................877
51.3 Log Setting Screens ....................................................................................................... 879
51.3.1 Log Setting Summary ............................................................................................. 880
51.3.2 Edit System Log Settings ...................................................................................... 881
51.3.3 Edit Log on USB Storage Setting ....................................................................... 886
51.3.4 Edit Remote Server Log Settings ....................................................................... 888
51.3.5 Active Log Summary Screen ............................................................................. 890
Chapter 52
File Manager.........................................................................................................................893
52.1 Overview .......................................................................................................................... 893
52.1.1 What You Can Do in this Chapter .......................................................................... 893
52.1.2 What you Need to Know ........................................................................................ 893
52.2 The Configuration File Screen ............................................................................. 896
52.3 The Firmware Package Screen ............................................................................... 900
52.4 The Shell Script Screen ...................................................................................... 902
Chapter 53
Diagnostics...........................................................................................................................905
53.1 Overview .......................................................................................................................... 905
53.1.1 What You Can Do in this Chapter .......................................................................... 905
53.2 The Diagnostic Screen ....................................................................................................905
53.2.1 The Diagnostics Files Screen ................................................................................ 906
53.3 The Packet Capture Screen ............................................................................................ 907
53.3.1 The Packet Capture Files Screen .......................................................................... 910
53.3.2 Example of Viewing a Packet Capture File ............................................................ 911
53.4 Core Dump Screen ............................................................................................... 912
53.4.1 Core Dump Files Screen .................................................................................. 912
53.5 The System Log Screen .................................................................................................. 913
Chapter 54
Reboot....................................................................................................................................915
54.1 Overview .......................................................................................................................... 915
54.1.1 What You Need To Know ....................................................................................... 915
54.2 The Reboot Screen .........................................................................................................915
Chapter 55
Shutdown...............................................................................................................................917
55.1 Overview .......................................................................................................................... 917
55.1.1 What You Need To Know ....................................................................................... 917
55.2 The Shutdown Screen ..................................................................................................... 917
Chapter 56
Troubleshooting....................................................................................................................919
56.1 Resetting the ZyWALL .....................................................................................................936
56.2 Getting More Troubleshooting Help ................................................................................. 937
Chapter 57
Product Specifications.........................................................................................................939
57.1 3G PCMCIA Card Installation ................................................................................ 945
Appendix A Log Descriptions...............................................................................................947
Appendix B Common Services...........................................................................................1009
Appendix C Displaying Anti-Virus Alert Messages in Windows..........................................1013
Appendix D Importing Certificates......................................................................................1019
Appendix E Wireless LANs ................................................................................................1045
Appendix F Open Software Announcements.....................................................................1061
Appendix G Legal Information............................................................................................ 1119
Index.....................................................................................................................................1123