ZyXEL ZyWall 110, USG60, USG60W, ZyWall 310, USG110 User Manual

...
Quick Start Guide

ZyWALL/USG Series

ZyWALL 110 / 310 / 1100
USG40 / USG40W / USG60 / USG60W / USG110 / USG210 / USG310 / USG1100 / USG1900
Security Firewalls
User’s Guide
Default Login Details
LAN Port IP Address: https://192.168.1.1
User Name: admin
Password: 1234
www.zyxel.com
Copyright © 2015 ZyXEL Communications Corporation
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Related Documentation
• Quick Start Guide: The Quick Start Guide shows how to connect the ZyWALL/USG and access the Web Configurator wizards. (See the wizard real time help for information on configuring each screen.) It also contains a connection diagram and package contents list.
• CLI Reference Guide: The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL/USG.
Note: It is recommended you use the Web Configurator to configure the ZyWALL/USG.
• Web Configurator Online Help: Click the help icon in any screen for help in configuring that screen and supplementary information.
ZyWALL/USG Series User’s Guide
Part I: User’s Guide
Chapter 1: Introduction
1.1 Overview
1.1.1 Applications
1.2 Management Overview
1.3 Web Configurator
1.3.1 Web Configurator Access
1.3.2 Web Configurator Screens Overview
1.3.3 Navigation Panel
1.3.4 Tables and Lists
Chapter 2: Installation Setup Wizard
2.1 Installation Setup Wizard Screens
2.1.1 Internet Access Setup - WAN Interface
2.1.2 Internet Access: Ethernet
2.1.3 Internet Access: PPPoE
2.1.4 Internet Access: PPTP
2.1.5 Internet Access Setup - Second WAN Interface
2.1.6 Internet Access Succeed
2.1.7 Wireless Settings: AP Controller
2.1.8 Wireless Settings: SSID & Security
2.1.9 Internet Access - Device Registration
Chapter 3: Hardware, Interfaces and Zones
3.1 Overview
3.1.1 Front Panels
3.1.2 Rear Panels
3.1.3 Default Zones, Interfaces, and Ports
3.2 Mounting
3.2.1 Rack-mounting
3.2.2 Wall-mounting
3.3 Stopping the ZyWALL/USG
Chapter 4: Quick Setup Wizards
4.1 Quick Setup Overview
4.2 WAN Interface Quick Setup
4.2.1 Choose an Ethernet Interface
4.2.2 Select WAN Type
4.2.3 Configure WAN IP Settings
4.2.4 ISP and WAN and ISP Connection Settings
4.2.5 Quick Setup Interface Wizard: Summary
4.3 VPN Setup Wizard
4.3.1 Welcome
4.3.2 VPN Setup Wizard: Wizard Type
4.3.3 VPN Express Wizard - Scenario
4.3.4 VPN Express Wizard - Configuration
4.3.5 VPN Express Wizard - Summary
4.3.6 VPN Express Wizard - Finish
4.3.7 VPN Advanced Wizard - Scenario
4.3.8 VPN Advanced Wizard - Phase 1 Settings
4.3.9 VPN Advanced Wizard - Phase 2
4.3.10 VPN Advanced Wizard - Summary
4.3.11 VPN Advanced Wizard - Finish
4.4 VPN Settings for Configuration Provisioning Wizard: Wizard Type
4.4.1 Configuration Provisioning Express Wizard - VPN Settings
4.4.2 Configuration Provisioning VPN Express Wizard - Configuration
4.4.3 VPN Settings for Configuration Provisioning Express Wizard - Summary
4.4.4 VPN Settings for Configuration Provisioning Express Wizard - Finish
4.4.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario
4.4.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings
4.4.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2
4.4.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary
4.4.9 VPN Settings for Configuration Provisioning Advanced Wizard - Finish
4.5 VPN Settings for L2TP VPN Settings Wizard
4.5.1 L2TP VPN Settings
4.5.2 L2TP VPN Settings
4.5.3 VPN Settings for L2TP VPN Setting Wizard - Summary
4.5.4 VPN Settings for L2TP VPN Setting Wizard Completed
Chapter 5: Dashboard
5.1 Overview
5.1.1 What You Can Do in this Chapter
5.2 Main Dashboard Screen
5.2.1 Device Information Screen
5.2.2 System Status Screen
5.2.3 VPN Status Screen
5.2.4 DHCP Table Screen
5.2.5 Number of Login Users Screen
5.2.6 System Resources Screen
5.2.7 CPU Usage Screen
5.2.8 Memory Usage Screen
5.2.9 Active Session Screen
5.2.10 Extension Slot Screen
5.2.11 Interface Status Summary Screen
5.2.12 Secured Service Status Screen
5.2.13 Content Filter Statistics Screen
5.2.14 Top 5 Viruses Screen
5.2.15 Top 5 Intrusions Screen
5.2.16 Top 5 IPv4/IPv6 Security Policy Rules that Blocked Traffic Screen
5.2.17 The Latest Alert Logs Screen
Part II: Technical Reference
Chapter 6: Monitor
6.1 Overview
6.1.1 What You Can Do in this Chapter
6.2 The Port Statistics Screen
6.2.1 The Port Statistics Graph Screen
6.3 Interface Status Screen
6.4 The Traffic Statistics Screen
6.5 The Session Monitor Screen
6.6 IGMP Statistics
6.7 The DDNS Status Screen
6.8 IP/MAC Binding
6.9 The Login Users Screen
6.10 Cellular Status Screen
6.10.1 More Information
6.11 The UPnP Port Status Screen
6.12 USB Storage Screen
6.13 Ethernet Neighbor Screen
6.14 Wireless
6.14.1 Wireless AP Information: AP List
6.14.2 AP List More Information
6.14.3 Wireless AP Information: Radio List
6.14.4 Radio List More Information
6.14.5 Wireless Station Info
6.14.6 Detected Device
6.15 The IPSec Monitor Screen
6.15.1 Regular Expressions in Searching IPSec SAs
6.16 The SSL Screen
6.17 The L2TP over IPSec Session Monitor Screen
6.18 The App Patrol Screen
6.19 The Content Filter Screen
6.20 The IDP Screen
6.21 The Anti-Virus Screen
6.22 The Anti-Spam Screens
6.22.1 Anti-Spam Report
6.22.2 The Anti-Spam Status Screen
6.23 The SSL Inspection Screens
6.23.1 Certificate Cache List
6.24 Log Screens
6.24.1 View Log
6.24.2 View AP Log
Chapter 7: Licensing
7.1 Registration Overview
7.1.1 What you Need to Know
7.1.2 Registration Screen
7.1.3 Service Screen
7.2 Signature Update
7.2.1 What you Need to Know
7.2.2 The Anti-Virus Update Screen
7.2.3 The IDP/AppPatrol Update Screen
Chapter 8: Wireless
8.1 Overview
8.1.1 What You Can Do in this Chapter
8.2 Controller Screen
8.3 AP Management Screen
8.3.1 Edit AP List
8.3.2 AP Policy
8.4 MON Mode
8.4.1 Add/Edit Rogue/Friendly List
8.5 Load Balancing
8.5.1 Disassociating and Delaying Connections
8.6 DCS
8.7 Auto Healing
8.8 Technical Reference
8.8.1 Dynamic Channel Selection
8.8.2 Load Balancing
Chapter 9: Interfaces
9.1 Interface Overview
9.1.1 What You Can Do in this Chapter
9.1.2 What You Need to Know
9.1.3 What You Need to Do First
9.2 Port Role Screen
9.3 Ethernet Summary Screen
9.3.1 Ethernet Edit
9.3.2 Object References
9.3.3 Add/Edit DHCPv6 Request/Release Options
9.3.4 Add/Edit DHCP Extended Options
9.4 PPP Interfaces
9.4.1 PPP Interface Summary
9.4.2 PPP Interface Add or Edit
9.5 Cellular Configuration Screen
9.5.1 Cellular Choose Slot
9.5.2 Add / Edit Cellular Configuration
9.6 Tunnel Interfaces
9.6.1 Configuring a Tunnel
9.6.2 Tunnel Add or Edit Screen
9.7 VLAN Interfaces
9.7.1 VLAN Summary Screen
9.7.2 VLAN Add/Edit
9.8 Bridge Interfaces
9.8.1 Bridge Summary
9.8.2 Bridge Add/Edit
9.9 Virtual Interfaces
9.9.1 Virtual Interfaces Add/Edit
9.10 Interface Technical Reference
9.11 Trunk Overview
9.11.1 What You Need to Know
9.12 The Trunk Summary Screen
9.12.1 Configuring a User-Defined Trunk
9.12.2 Configuring the System Default Trunk
Chapter 10: Routing
10.1 Policy and Static Routes Overview
10.1.1 What You Can Do in this Chapter
10.1.2 What You Need to Know
10.2 Policy Route Screen
10.2.1 Policy Route Edit Screen
10.3 IP Static Route Screen
10.3.1 Static Route Add/Edit Screen
10.4 Policy Routing Technical Reference
10.5 Routing Protocols Overview
10.5.1 What You Need to Know
10.6 The RIP Screen
10.7 The OSPF Screen
10.7.1 Configuring the OSPF Screen
10.7.2 OSPF Area Add/Edit Screen
10.7.3 Virtual Link Add/Edit Screen
10.8 Routing Protocol Technical Reference
Chapter 11: DDNS
11.1 DDNS Overview
11.1.1 What You Can Do in this Chapter
11.1.2 What You Need to Know
11.2 The DDNS Screen
11.2.1 The Dynamic DNS Add/Edit Screen
Chapter 12: NAT
12.1 NAT Overview
12.1.1 What You Can Do in this Chapter
12.1.2 What You Need to Know
12.2 The NAT Screen
12.2.1 The NAT Add/Edit Screen
12.3 NAT Technical Reference
Chapter 13: HTTP Redirect
13.1 Overview
13.1.1 What You Can Do in this Chapter
13.1.2 What You Need to Know
13.2 The HTTP Redirect Screen
13.2.1 The HTTP Redirect Edit Screen
Chapter 14: ALG
14.1 ALG Overview
14.1.1 What You Need to Know
14.1.2 Before You Begin
14.2 The ALG Screen
14.3 ALG Technical Reference ............................................................................................................. 309
Chapter 15
UPnP ..................................................................................................................................................311
15.1 UPnP and NAT-PMP Overview ..................................................................................................... 311
15.2 What You Need to Know ............................................................................................................... 311
15.2.1 NAT Traversal ...................................................................................................................... 311
15.2.2 Cautions with UPnP and NAT-PMP .....................................................................................312
15.3 UPnP Screen ................................................................................................................................312
15.4 Technical Reference ......................................................................................................................313
15.4.1 Turning on UPnP in Windows 7 Example ............................................................................313
15.4.2 Using UPnP in Windows XP Example .................................................................................315
15.4.3 Web Configurator Easy Access ...........................................................................................317
Chapter 16
IP/MAC Binding.................................................................................................................................320
16.1 IP/MAC Binding Overview ............................................................................................................. 320
16.1.1 What You Can Do in this Chapter ........................................................................................320
16.1.2 What You Need to Know ......................................................................................................320
16.2 IP/MAC Binding Summary ............................................................................................................321
16.2.1 IP/MAC Binding Edit ............................................................................................................ 321
16.2.2 Static DHCP Edit ................................................................................................................. 322
16.3 IP/MAC Binding Exempt List .........................................................................................................323
Chapter 17
Layer 2 Isolation ...............................................................................................................................325
17.1 Overview ....................................................................................................................................... 325
17.1.1 What You Can Do in this Chapter ........................................................................................325
17.2 Layer-2 Isolation General Screen ................................................................................................326
17.3 White List Screen ..........................................................................................................................326
17.3.1 Add/Edit White List Rule .....................................................................................................327
Chapter 18
Inbound Load Balancing..................................................................................................................329
18.1 Inbound Load Balancing Overview ...............................................................................................329
18.1.1 What You Can Do in this Chapter ........................................................................................329
18.2 The Inbound LB Screen ................................................................................................................330
18.2.1 The Inbound LB Add/Edit Screen ........................................................................................331
18.2.2 The Inbound LB Member Add/Edit Screen ..........................................................................333
Chapter 19
Web Authentication .........................................................................................................................335
19.1 Web Auth Overview ......................................................................................................................335
19.1.1 What You Can Do in this Chapter ........................................................................................335
19.1.2 What You Need to Know ......................................................................................................336
19.2 Web Authentication Screen ...........................................................................................................336
19.2.1 Creating Exceptional Services .............................................................................................339
19.2.2 Creating/Editing an Authentication Policy ............................................................................339
19.3 SSO Overview ...............................................................................................................................340
19.4 SSO - ZyWALL/USG Configuration ..............................................................................................342
19.4.1 Configuration Overview .......................................................................................................342
19.4.2 Configure the ZyWALL/USG to Communicate with SSO ....................................................342
19.4.3 Enable Web Authentication .................................................................................................343
19.4.4 Create a Security Policy ......................................................................................................344
19.4.5 Configure User Information .................................................................................................345
19.4.6 Configure an Authentication Method ...................................................................................346
19.4.7 Configure Active Directory ...................................................................................................347
19.5 SSO Agent Configuration ..............................................................................................................348
Chapter 20
RTLS ..................................................................................................................................................352
20.1 Overview ....................................................................................................................................... 352
20.1.1 What You Can Do in this Chapter ........................................................................................352
20.2 Before You Begin ..........................................................................................................................353
20.3 Configuring RTLS ..........................................................................................................................353
Chapter 21
Security Policy..................................................................................................................................355
21.1 Overview ....................................................................................................................................... 355
21.1.1 What You Can Do in this Chapter ........................................................................................355
21.1.2 What You Need to Know ......................................................................................................356
21.2 The Security Policy Screen ...........................................................................................................357
21.2.1 Configuring the Security Policy Control Screen ...................................................................358
21.2.2 The Security Policy Control Add/Edit Screen ......................................................................361
21.3 Anomaly Detection and Prevention Overview ...............................................................................363
21.3.1 The Anomaly Detection and Prevention General Screen .................................................... 364
21.3.2 Creating New ADP Profiles ................................................................................................365
21.3.3 Traffic Anomaly Profiles ......................................................................................................366
21.3.4 Protocol Anomalies .............................................................................................................. 369
21.4 The Session Control Screen .........................................................................................................371
21.4.1 The Session Control Add/Edit Screen .................................................................................372
21.5 Security Policy Example Applications ...........................................................................................373
Chapter 22
IPSec VPN..........................................................................................................................................376
22.1 Virtual Private Networks (VPN) Overview .....................................................................................376
22.1.1 What You Can Do in this Chapter ........................................................................................378
22.1.2 What You Need to Know ......................................................................................................379
22.1.3 Before You Begin ................................................................................................................. 381
22.2 The VPN Connection Screen ........................................................................................................381
22.2.1 The VPN Connection Add/Edit (IKE) Screen .......................................................................382
22.3 The VPN Gateway Screen ............................................................................................................389
22.3.1 The VPN Gateway Add/Edit Screen .................................................................................... 390
22.4 VPN Concentrator ........................................................................................................................397
22.4.1 VPN Concentrator Requirements and Suggestions ............................................................ 397
22.4.2 VPN Concentrator Screen ...................................................................................................398
22.4.3 The VPN Concentrator Add/Edit Screen .............................................................................398
22.5 ZyWALL/USG IPSec VPN Client Configuration Provisioning .......................................................399
22.6 IPSec VPN Background Information .............................................................................................401
Chapter 23
SSL VPN ............................................................................................................................................411
23.1 Overview ....................................................................................................................................... 411
23.1.1 What You Can Do in this Chapter ........................................................................................ 411
23.1.2 What You Need to Know ...................................................................................................... 411
23.2 The SSL Access Privilege Screen ................................................................................................412
23.2.1 The SSL Access Privilege Policy Add/Edit Screen .............................................................413
23.3 The SSL Global Setting Screen ....................................................................................................416
23.3.1 How to Upload a Custom Logo ............................................................................................417
23.4 ZyWALL/USG SecuExtender ........................................................................................................418
23.4.1 Example: Configure ZyWALL/USG for SecuExtender .........................................................419
Chapter 24
SSL User Screens.............................................................................................................................422
24.1 Overview ....................................................................................................................................... 422
24.1.1 What You Need to Know ......................................................................................................422
24.2 Remote SSL User Login ...............................................................................................................423
24.3 The SSL VPN User Screens .........................................................................................................426
24.4 Bookmarking the ZyWALL/USG ....................................................................................................427
24.5 Logging Out of the SSL VPN User Screens ..................................................................................428
24.6 SSL User Application Screen ........................................................................................................ 428
24.7 SSL User File Sharing ...................................................................................................................429
24.7.1 The Main File Sharing Screen .............................................................................................429
24.7.2 Opening a File or Folder ......................................................................................................430
24.7.3 Downloading a File ..............................................................................................................431
24.7.4 Saving a File ........................................................................................................................431
24.7.5 Creating a New Folder .........................................................................................................432
24.7.6 Renaming a File or Folder ...................................................................................................432
24.7.7 Deleting a File or Folder ......................................................................................................433
24.7.8 Uploading a File ................................................................................................................... 433
Chapter 25
ZyWALL/USG SecuExtender (Windows) ........................................................................................435
25.1 The ZyWALL/USG SecuExtender Icon .........................................................................................435
25.2 Status ............................................................................................................................................ 435
25.3 View Log .......................................................................................................................................436
25.4 Suspend and Resume the Connection .........................................................................................437
25.5 Stop the Connection ...................................................................................................................... 437
25.6 Uninstalling the ZyWALL/USG SecuExtender ...............................................................................437
Chapter 26
L2TP VPN...........................................................................................................................................439
26.1 Overview ....................................................................................................................................... 439
26.1.1 What You Can Do in this Chapter ........................................................................................439
26.1.2 What You Need to Know ......................................................................................................439
26.2 L2TP VPN Screen .........................................................................................................................440
26.2.1 Example: L2TP and ZyWALL/USG Behind a NAT Router ...................................................442
Chapter 27
BWM (Bandwidth Management) ...................................................................................................444
27.1 Overview ....................................................................................................................................... 444
27.1.1 What You Can Do in this Chapter ........................................................................................444
27.1.2 What You Need to Know .....................................................................................................444
27.2 The Bandwidth Management Screen ............................................................................................448
27.2.1 The Bandwidth Management Add/Edit Screen ....................................................................451
Chapter 28
Application Patrol.............................................................................................................................459
28.1 Overview ....................................................................................................................................... 459
28.1.1 What You Can Do in this Chapter ........................................................................................459
28.1.2 What You Need to Know .....................................................................................................459
28.2 Application Patrol Profile ...............................................................................................................460
28.2.1 The Application Patrol Profile Add/Edit Screen ...................................................................462
28.2.2 The Application Patrol Profile Rule Add Application Screen ...............................................463
Chapter 29
Content Filtering...............................................................................................................................465
29.1 Overview ....................................................................................................................................... 465
29.1.1 What You Can Do in this Chapter ........................................................................................465
29.1.2 What You Need to Know ......................................................................................................465
29.1.3 Before You Begin ................................................................................................................. 466
29.2 Content Filter Profile Screen .........................................................................................................467
29.3 Content Filter Profile Add or Edit Screen ...................................................................................... 468
29.3.1 Content Filter Add Profile Category Service ........................................................................469
29.3.2 Content Filter Add Filter Profile Custom Service ................................................................477
29.4 Content Filter Trusted Web Sites Screen .....................................................................................480
29.5 Content Filter Forbidden Web Sites Screen .................................................................................481
29.6 Content Filter Technical Reference ............................................................................................... 482
Chapter 30
IDP......................................................................................................................................................484
30.1 Overview ....................................................................................................................................... 484
30.1.1 What You Can Do in this Chapter ........................................................................................484
30.1.2 What You Need To Know .....................................................................................................484
30.1.3 Before You Begin ................................................................................................................. 484
30.2 The IDP Profile Screen .................................................................................................................485
30.2.1 Base Profiles .......................................................................................................................486
30.2.2 Adding / Editing Profiles .....................................................................................................487
30.2.3 Profile > Group View Screen ...............................................................................................488
30.2.4 Add Profile > Query View ................................................................................................... 491
30.2.5 Query Example ....................................................................................................................495
30.3 IDP Custom Signatures ................................................................................................................496
30.3.1 Add / Edit Custom Signatures ............................................................................................499
30.3.2 Custom Signature Example .................................................................................................503
30.3.3 Applying Custom Signatures ...............................................................................................505
30.3.4 Verifying Custom Signatures ...............................................................................................506
30.4 IDP Technical Reference ...............................................................................................................506
Chapter 31
Anti-Virus...........................................................................................................................................509
31.1 Overview ....................................................................................................................................... 509
31.1.1 What You Can Do in this Chapter ........................................................................................509
31.1.2 What You Need to Know ......................................................................................................510
31.2 Anti-Virus Profile Screen ............................................................................................................... 511
31.2.1 Anti-Virus Profile Add or Edit ...............................................................................................513
31.3 Anti-Virus Black List ......................................................................................................................515
31.3.1 Anti-Virus Black List or White List Add/Edit .........................................................................515
31.3.2 Anti-Virus White List ............................................................................................................517
31.4 AV Signature Searching ................................................................................................................518
31.5 Anti-Virus Technical Reference ..................................................................................................... 519
Chapter 32
Anti-Spam..........................................................................................................................................521
32.1 Overview ....................................................................................................................................... 521
32.1.1 What You Can Do in this Chapter ........................................................................................521
32.1.2 What You Need to Know ......................................................................................................521
32.2 Before You Begin ..........................................................................................................................522
32.3 The Anti-Spam Profile Screen .......................................................................................................523
32.3.1 The Anti-Spam Profile Add or Edit Screen ..........................................................................524
32.4 The Mail Scan Screen ...................................................................................................................526
32.5 The Anti-Spam Black List Screen .................................................................................................. 528
32.5.1 The Anti-Spam Black or White List Add/Edit Screen ...........................................................530
32.5.2 Regular Expressions in Black or White List Entries .............................................................531
32.6 The Anti-Spam White List Screen .................................................................................................531
32.7 The DNSBL Screen .......................................................................................................................533
32.8 Anti-Spam Technical Reference ....................................................................................................535
Chapter 33
SSL Inspection..................................................................................................................................539
33.1 Overview ....................................................................................................................................... 539
33.1.1 What You Can Do in this Chapter ........................................................................................539
33.1.2 What You Need To Know .....................................................................................................539
33.1.3 Before You Begin ................................................................................................................. 540
33.2 The SSL Inspection Profile Screen ............................................................................................... 540
33.2.1 Add / Edit SSL Inspection Profiles ......................................................................................541
33.3 Exclude List Screen .....................................................................................................................543
33.4 Certificate Update Screen ............................................................................................................545
33.5 Install a CA Certificate in a Browser ..............................................................................................546
Chapter 34
Device HA..........................................................................................................................................548
34.1 Overview ....................................................................................................................................... 548
34.1.1 What You Can Do in this Chapter ........................................................................................548
34.1.2 What You Need to Know ......................................................................................................548
34.1.3 Before You Begin ................................................................................................................. 549
34.2 Device HA General .......................................................................................................................549
34.3 The Active-Passive Mode Screen .................................................................................................550
34.3.1 Configuring Active-Passive Mode Device HA ......................................................................552
34.4 Active-Passive Mode Edit Monitored Interface .............................................................................555
34.5 Device HA Technical Reference ....................................................................................................556
Chapter 35
Object.................................................................................................................................................561
35.1 Zones Overview ............................................................................................................................561
35.1.1 What You Need to Know ......................................................................................................561
35.1.2 The Zone Screen ................................................................................................................. 562
35.2 User/Group Overview ....................................................................................................................563
35.2.1 What You Need To Know .....................................................................................................564
35.2.2 User/Group User Summary Screen .....................................................................................566
35.2.3 User/Group Group Summary Screen ..................................................................................569
35.2.4 User/Group Setting Screen ................................................................................................570
35.2.5 User/Group MAC Address Summary Screen .....................................................................575
35.2.6 User/Group Technical Reference .......................................................................................576
35.3 AP Profile Overview ......................................................................................................................577
35.3.1 Radio Screen .......................................................................................................................578
35.3.2 SSID Screen .......................................................................................................................583
35.4 MON Profile ..................................................................................................................................592
35.4.1 Overview ..............................................................................................................................592
35.4.2 MON Profile .........................................................................................................................592
35.4.3 Technical Reference ............................................................................................................595
35.5 Application .....................................................................................................................................596
35.5.1 Add Application Rule ...........................................................................................................598
35.5.2 Application Group Screen ...................................................................................................601
35.6 Address Overview .........................................................................................................................602
35.6.1 What You Need To Know .....................................................................................................603
35.6.2 Address Summary Screen ...................................................................................................603
35.7 Service Overview ..........................................................................................................................608
35.7.1 What You Need to Know ......................................................................................................609
35.7.2 The Service Summary Screen .............................................................................................609
35.7.3 The Service Group Summary Screen ................................................................................. 611
35.8 Schedule Overview ......................................................................................................................613
35.8.1 What You Need to Know ......................................................................................................613
35.8.2 The Schedule Summary Screen ..........................................................................................614
35.8.3 The Schedule Group Screen ...............................................................................................617
35.9 AAA Server Overview .................................................................................................................618
35.9.1 Directory Service (AD/LDAP) ..............................................................................................619
35.9.2 RADIUS Server ................................................................................................................... 619
35.9.3 ASAS ...................................................................................................................................619
35.9.4 What You Need To Know .....................................................................................................620
35.9.5 Active Directory or LDAP Server Summary .........................................................................621
35.9.6 RADIUS Server Summary ...................................................................................................625
35.10 Auth. Method Overview .............................................................................................................627
35.10.1 Before You Begin ...............................................................................................................627
35.10.2 Example: Selecting a VPN Authentication Method ............................................................627
35.10.3 Authentication Method Objects ..........................................................................................628
35.11 Certificate Overview ...................................................................................................................630
35.11.1 What You Need to Know ....................................................................................................630
35.11.2 Verifying a Certificate ......................................................................................................... 632
35.11.3 The My Certificates Screen ................................................................................................633
35.11.4 The Trusted Certificates Screen .......................................................................................640
35.11.5 Certificates Technical Reference .......................................................................................645
35.12 ISP Account Overview ...............................................................................................................645
35.12.1 ISP Account Summary ......................................................................................................646
35.13 SSL Application Overview ..........................................................................................................648
35.13.1 What You Need to Know .................................................................................................... 648
35.13.2 The SSL Application Screen ..............................................................................................650
35.14 DHCPv6 Overview ......................................................................................................................653
35.14.1 The DHCPv6 Request Screen ........................................................................................... 654
35.14.2 The DHCPv6 Lease Screen ..............................................................................................655
Chapter 36
System...............................................................................................................................................657
36.1 Overview ....................................................................................................................................... 657
36.1.1 What You Can Do in this Chapter ........................................................................................657
36.2 Host Name ....................................................................................................................................658
36.3 USB Storage .................................................................................................................................658
36.4 Date and Time ...............................................................................................................................659
36.4.1 Pre-defined NTP Time Servers List .....................................................................................662
36.4.2 Time Server Synchronization ...............................................................................................662
36.5 Console Port Speed ......................................................................................................................663
36.6 DNS Overview ...............................................................................................................................664
36.6.1 DNS Server Address Assignment .......................................................................................664
36.6.2 Configuring the DNS Screen ...............................................................................................664
36.6.3 Address Record .................................................................................................................. 668
36.6.4 PTR Record .........................................................................................................................668
36.6.5 Adding an Address/PTR Record .........................................................................................668
36.6.6 CNAME Record ...................................................................................................................669
36.6.7 Adding a CNAME Record ....................................................................................................669
36.6.8 Domain Zone Forwarder .....................................................................................................669
36.6.9 Adding a Domain Zone Forwarder ......................................................................................670
36.6.10 MX Record ........................................................................................................................671
36.6.11 Adding a MX Record .......................................................................................................... 671
36.6.12 Security Option Control .....................................................................................................671
36.6.13 Editing a Security Option Control ......................................................................................671
36.6.14 Adding a DNS Service Control Rule ..................................................................................672
36.7 WWW Overview ............................................................................................................................673
36.7.1 Service Access Limitations ..................................................................................................673
36.7.2 System Timeout ...................................................................................................................674
36.7.3 HTTPS .................................................................................................................................674
36.7.4 Configuring WWW Service Control .....................................................................................675
36.7.5 Service Control Rules ..........................................................................................................678
36.7.6 Customizing the WWW Login Page ....................................................................................679
36.7.7 HTTPS Example ..................................................................................................................683
36.8 SSH ............................................................................................................................................690
36.8.1 How SSH Works ..................................................................................................................691
36.8.2 SSH Implementation on the ZyWALL/USG .........................................................................692
36.8.3 Requirements for Using SSH ...............................................................................................692
36.8.4 Configuring SSH ..................................................................................................................692
36.8.5 Secure Telnet Using SSH Examples ...................................................................................693
36.9 Telnet ............................................................................................................................................694
36.9.1 Configuring Telnet ................................................................................................................694
36.10 FTP ............................................................................................................................................696
36.10.1 Configuring FTP ................................................................................................................696
36.11 SNMP .........................................................................................................................................697
36.11.1 SNMP v3 and Security ....................................................................................................... 698
36.11.2 Supported MIBs .................................................................................................................699
36.11.3 SNMP Traps ......................................................................................................................699
36.11.4 Configuring SNMP .............................................................................................................699
36.12 Authentication Server ..................................................................................................................702
36.12.1 Add/Edit Trusted RADIUS Client ......................................................................................703
36.13 Language Screen ........................................................................................................................704
36.14 IPv6 Screen ................................................................................................................................. 704
36.15 ZyXEL One Network (ZON) Utility ..............................................................................................705
36.15.1 ZyXEL One Network (ZON) System Screen ..................................................................... 706
Chapter 37
Log and Report .................................................................................................................................708
37.1 Overview ....................................................................................................................................... 708
37.1.1 What You Can Do In this Chapter ........................................................................................708
37.2 Email Daily Report ........................................................................................................................708
37.3 Log Setting Screens ..................................................................................................................... 710
37.3.1 Log Setting Summary .......................................................................................................... 711
37.3.2 Edit System Log Settings ...................................................................................................712
37.3.3 Edit Log on USB Storage Setting .......................................................................................717
37.3.4 Edit Remote Server Log Settings .......................................................................................719
37.3.5 Log Category Settings Screen .............................................................................................722
Chapter 38
File Manager......................................................................................................................................727
38.1 Overview ....................................................................................................................................... 727
38.1.1 What You Can Do in this Chapter ........................................................................................727
38.1.2 What you Need to Know ......................................................................................................727
38.2 The Configuration File Screen ......................................................................................................729
38.3 The Firmware Package Screen ....................................................................................................733
38.4 The Shell Script Screen ............................................................................................................... 736
Chapter 39
Diagnostics ......................................................................................................................................738
39.1 Overview ....................................................................................................................................... 738
39.1.1 What You Can Do in this Chapter ........................................................................................738
39.2 The Diagnostic Screen ..................................................................................................................738
39.2.1 The Diagnostics Files Screen ..............................................................................................739
39.3 The Packet Capture Screen ..........................................................................................................740
39.3.1 The Packet Capture Files Screen ........................................................................................742
39.4 The System Log Screen ................................................................................................................743
39.5 The Network Tool Screen ..............................................................................................................744
39.6 The Wireless Frame Capture Screen ...........................................................................................745
39.6.1 The Wireless Frame Capture Files Screen ........................................................................746
Chapter 40
Packet Flow Explore ........................................................................................................................748
40.1 Overview ....................................................................................................................................... 748
40.1.1 What You Can Do in this Chapter ........................................................................................748
40.2 The Routing Status Screen ........................................................................................................... 748
40.3 The SNAT Status Screen ..............................................................................................................753
Chapter 41
Shutdown...........................................................................................................................................756
41.1 Overview ....................................................................................................................................... 756
41.1.1 What You Need To Know .....................................................................................................756
41.2 The Shutdown Screen ...................................................................................................................756
Chapter 42
Troubleshooting................................................................................................................................ 757
42.1 Resetting the ZyWALL/USG .........................................................................................................769
42.2 Getting More Troubleshooting Help ..............................................................................................770
Appendix A Customer Support ........................................................................................................771
Appendix B Legal Information..........................................................................................................777
Appendix C Product Features..........................................................................................................788
Index ..................................................................................................................................................795
PART I

User’s Guide


CHAPTER 1

Introduction

1.1 Overview

ZyWALL/USG refers to all ZyWALL and USG models in the series.
Table 1 ZyWALL/USG Models
ZYWALL MODELS | USG MODELS
ZyWALL 110 | USG40
ZyWALL 310 | USG40W
ZyWALL 1100 | USG60
 | USG60W
 | USG110
 | USG210
 | USG310
 | USG1100
 | USG1900
Besides performance variance, the following are the key feature differences between the models:
• ZyWALL models need a license for UTM (Unified Threat Management) functionality
• USG models need a UTM license after one year
• The following UTM features work without a UTM license:
• Configuration > Content Filter > Trusted Web Sites
• Configuration > IDP > Custom Signatures
• Configuration > Anti-Virus > Black/White List
• Configuration > Anti-Spam > Black/White List
• ZyWALL models do not support SSL Inspection
• USG40 / USG40W / USG60 / USG60W support UTM but not SSL Inspection
• USG40W / USG60W have built-in Wi-Fi functionality
• Some interface names vary by model - see Table 13 on page 53 for default port / interface name mapping. See Table 14 on page 53 for default interface / zone mapping.
See the product’s datasheet for detailed information on a specific model.
1.1.1 Applications
These are some ZyWALL/USG application scenarios.
Security Router
Security includes a Stateful Packet Inspection (SPI) firewall, and UTM (Unified Threat Management). ZyWALL models need a license to use UTM (Unified Threat Management) features. UTM features include the following:
• Application Patrol (AP)
• Intrusion Detection & Prevention (IDP)
• Anomaly Detection & Prevention (ADP)
• Content Filtering (CF)
• Anti-Virus (AV)
• Anti-Spam (AS)
• Secure Socket Layer (SSL) encrypted traffic Inspection
Figure 1 Applications: Security Router
IPv6 Routing
The ZyWALL/USG supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The ZyWALL/USG can also route IPv6 packets through IPv4 networks using different tunneling methods.
Figure 2 Applications: IPv6 Routing
VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. You can also purchase the ZyWALL/USG OTPv2 One-Time Password System for strong two-factor authentication for Web Configurator, Web access, SSL VPN, and ZyXEL IPSec VPN client user logins.
Figure 3 Applications: VPN Connectivity
SSL VPN Network Access
SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just browses to the ZyWALL/USG’s web address and enters his user name and password to securely connect to the ZyWALL/USG’s network. Here full tunnel mode creates a virtual connection for a remote user and gives him a private IP address in the same subnet as the local network so he can access network resources in the same way as if he were part of the internal network.
Figure 4 SSL VPN With Full Tunnel Mode
User-Aware Access Control
Set up security policies to restrict access to sensitive information and shared resources based on the user who is trying to access them. In the following figure, user A can access both the Internet and an internal file server. User B has a lower level of access and can only access the Internet. User C is not even logged in, and so cannot access either the Internet or the file server.
Figure 5 Applications: User-Aware Access Control
Load Balancing
Set up multiple connections to the Internet on the same port, or different ports, including cellular interfaces. In either case, you can balance the traffic loads between them.
Figure 6 Applications: Multiple WAN Interfaces

1.2 Management Overview

You can manage the ZyWALL/USG in the following ways.
Web Configurator
The Web Configurator allows easy ZyWALL/USG setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator.
Figure 7 Managing the ZyWALL/USG: Web Configurator
Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the ZyWALL/USG. Access it using remote management (for example, SSH or Telnet) or via the physical or Web Configurator console port. See the Command Reference Guide for CLI details. The default settings for the console port are:
Table 2 Console Port Default Settings
SETTING | VALUE
Speed | 115200 bps
Data Bits | 8
Parity | None
Stop Bit | 1
Flow Control | Off
FTP
Use File Transfer Protocol for firmware upgrades and configuration backup/restore.
SNMP
The device can be monitored and/or managed by an SNMP manager. See Section 43.3 on page 359.

1.3 Web Configurator

In order to use the Web Configurator, you must:
• Use one of the following web browser versions or later: Internet Explorer 7, Firefox 3.5, Chrome 9.0
• Allow pop-up windows (blocked by default in Windows XP Service Pack 2)
• Enable JavaScripts, Java permissions, and cookies
The recommended screen resolution is 1024 x 768 pixels.
Note: Most screen shots in this guide come from the USG110 and USG60W. Screen shots for other models may vary a little.
1.3.1 Web Configurator Access
1 Make sure your ZyWALL/USG hardware is properly connected. See the Quick Start Guide.
2 In your browser go to http://192.168.1.1. By default, the ZyWALL/USG automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
3 Type the user name (default: “admin”) and password (default: “1234”).
If you have an OTP (One-Time Password) token, generate a number and enter it in the One-Time Password field. The number is only good for one login. You must use the token to generate a new number the next time you log in.
4 Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears.
5 The Network Risk Warning screen displays any unregistered or disabled security services. Select how often to display the screen and click OK.
If you select Never and you later want to bring this screen back, use these commands (note the space before the underscore).
Router> enable
Router#
Router# configure terminal
Router(config)#
Router(config)# service-register _setremind
after-10-days
after-180-days
after-30-days
every-time
never
Router(config)# service-register _setremind every-time
Router(config)#
See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands.
6 Follow the directions in the Update Admin Info screen. If you change the default password, the Login screen appears after you click Apply. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is using its default configuration; otherwise the dashboard appears.
1.3.2 Web Configurator Screens Overview
The Web Configurator screen is divided into these parts (as illustrated on page 27):
A - title bar
B - navigation panel
C - main window
Title Bar
Figure 8 Title Bar
The title bar icons in the upper right corner provide the following functions.
Table 3 Title Bar: Web Configurator Icons
LABEL | DESCRIPTION
Logout | Click this to log out of the Web Configurator.
Help | Click this to open the help page for the current screen.
About | Click this to display basic information about the ZyWALL/USG.
Site Map | Click this to see an overview of links to the Web Configurator screens.
Object Reference | Click this to check which configuration items reference an object.
Console | Click this to open a Java-based console window from which you can run command line interface (CLI) commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands.
CLI | Click this to open a popup window that displays the CLI commands sent by the Web Configurator to the ZyWALL/USG.
About
Click About to display basic information about the ZyWALL/USG.
Figure 9 About
Table 4 About
LABEL | DESCRIPTION
Current Version | This shows the firmware version of the ZyWALL/USG.
Released Date | This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released.
OK | Click this to close the screen.
Site Map
Click Site Map to see an overview of links to the Web Configurator screens. Click a screen’s link to go to that screen.
Figure 10 Site Map
Object Reference
Click Object Reference to open the Object Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object.
Figure 11 Object Reference
The fields vary with the type of object. This table describes labels that can appear in this screen.
Table 5 Object References
LABEL | DESCRIPTION
Object Name | This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window.
# | This field is a sequential value, and it is not associated with any entry.
Service | This is the type of setting that references the selected object. Click a service’s name to display the service’s configuration screen in the main window.
Priority | If it is applicable, this field lists the referencing configuration item’s position in its list, otherwise N/A displays.
Name | This field identifies the configuration item that references the object.
Description | If the referencing configuration item has a description configured, it displays here.
Refresh | Click this to update the information in this screen.
Cancel | Click Cancel to close the screen.
Console
Click Console to open a Java-based console window from which you can run CLI commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands.