Zyxel USG60, USG2200, USG40W, USG40, USG210 Handbook

www.zyxel.com
ZyWALL/USG/ATP/VPN Series
ATP200 / ATP500 / ATP800
USG20-VPN / USG20W-VPN / USG40 / USG40W / USG60 / USG60W / USG110 / USG210 / USG310 / USG1100 / USG1900 / USG2200-VPN
VPN50 / VPN100 / VPN300 / VPN1000
Security Firewalls
Firmware Version 4.60 Edition 1, 12/2020
Handbook
Default Login Details
LAN Port IP Address: https://192.168.1.1
User Name: admin
Password: 1234
copyright © 2018 ZyXEL Communications Corporation
Table of Contents
How to Configure Site-to-site IPSec VPN with Amazon VPC
  Set Up the IPSec VPN Tunnel on the Amazon VPC
  Set Up the IPSec VPN Tunnel on the ZyWALL/USG
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure Site-to-site IPSec VPN with Microsoft (MS) Azure
  Set Up the IPSec VPN Tunnel on the ZyWALL/USG
  Set Up the IPSec VPN Tunnel on the MS Azure
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure GRE over IPSec VPN Tunnel
  Set Up the ZyWALL/USG GRE over IPSec VPN Tunnel of Corporate Network (HQ)
  Set Up the ZyWALL/USG GRE over IPSec VPN Tunnel of Corporate Network (Branch)
  Test the GRE over IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure Site-to-site IPSec VPN Where the Peer has a Static IP Address
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (Branch)
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure Site-to-site IPSec VPN Where the Peer has a Dynamic IP Address
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (HQ)
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (Branch has a Dynamic IP Address)
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure IPSec Site to Site VPN while one Site is behind a NAT router
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (HQ)
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (Branch)
  Set Up the NAT Router (Using ZyWALL USG device in this example)
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure Hub-and-Spoke IPSec VPN
  Set Up the IPSec VPN Tunnel on the ZyWALL/USG by Using VPN Concentrator Hub_HQ-to-Branch_A
  Hub_HQ-to-Branch_B
  Hub_HQ Concentrator
  Spoke_Branch_A
  Spoke_Branch_B
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
  Set Up the IPSec VPN Tunnel of ZyWALL/USG without Using VPN Concentrator Hub_HQ-to-Branch_A
  Hub_HQ-to-Branch_B
  Spoke_Branch_A
  Spoke_Branch_B
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Use Dual-WAN to Perform Fail-Over on VPN Using the VPN Concentrator
  Set Up the IPSec VPN Tunnel on the ZyWALL/USG Hub_HQ-to-Branch_A
  Hub_HQ-to-Branch_B
  Hub_HQ Concentrator
  Spoke_Branch_A
  Spoke_Branch_B
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure IPSec VPN with ZyWALL IPSec VPN Client
  Set Up the ZyWALL/USG IPSec VPN Tunnel
  Set Up the ZyWALL IPSec VPN Client
  Test the IPSec VPN Tunnel
  What Can Go Wrong?
How to Configure Site-to-site IPSec VPN with FortiGate
  Set Up the IPSec VPN Tunnel on the ZyWALL/USG
  Set Up the IPSec VPN Tunnel on the FortiGate
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure Site-to-site IPSec VPN with WatchGuard
  Set Up the IPSec VPN Tunnel on the ZyWALL/USG
  Set Up the IPSec VPN Tunnel on the WatchGuard
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure Site-to-site IPSec VPN with Cisco
  Set Up the IPSec VPN Tunnel on the ZyWALL/USG
  Set Up the IPSec VPN Tunnel on the Cisco
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure Site-to-site IPSec VPN with a SonicWALL router
  Set Up the IPSec VPN Tunnel on the ZyWALL/USG
  Set Up the IPSec VPN Tunnel on the SonicWALL
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure IPSec VPN Failover
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (HQ)
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (Branch)
  Set up the WAN Trunk (ZyWALL/USG_HQ)
  Set up the Failover Command Line (ZyWALL/USG HQ)
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure L2TP over IPSec VPN while the ZyWALL/USG is behind a NAT router
  Set Up the L2TP VPN Tunnel on the ZyWALL/USG_HQ
  Set Up the NAT Router (Using ZyWALL USG device in this example)
  Test the L2TP over IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure L2TP VPN with Android 5.0 Mobile Devices
  Set Up the L2TP VPN Tunnel on the ZyWALL/USG
  Set Up the L2TP VPN Tunnel on the Android Device
  Test the L2TP over IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure L2TP VPN with iOS 8.4 Mobile Devices
  Set Up the L2TP VPN Tunnel on the ZyWALL/USG
  Set Up the L2TP VPN Tunnel on the iOS Device
  Test the L2TP over IPSec VPN Tunnel
  What Could Go Wrong?
How to Import ZyWALL/USG Certificate for L2TP over IPsec in Windows 10
  Set Up the L2TP VPN Tunnel on the ZyWALL/USG
  Export a Certificate from ZyWALL/USG and Import it to Windows 10 Operating System
  Set Up the L2TP VPN Tunnel on the Windows 10
  Test the L2TP over IPSec VPN Tunnel
  What Could Go Wrong?
How to Import ZyWALL/USG Certificate for L2TP over IPsec in iOS mobile phone
  Set Up the L2TP VPN Tunnel on the ZyWALL/USG
  Export a Certificate from ZyWALL/USG and Import it to iOS Mobile Phone
  Set Up the L2TP VPN Tunnel on the iOS Mobile Device
  Test the L2TP over IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure 2 factor for VPN connection?
  Set up the ZyWALL/USG IPSec VPN Tunnel
  Set up the ZyWALL IPSec VPN Client
  Set up notification for 2 factor authentication
  Set up authentication for 2 factor VPN connection
  Test the Result
  What could go wrong
How to Import ZyWALL/USG Certificate for L2TP over IPsec in Android mobile phone
  Set Up the L2TP VPN Tunnel on the ZyWALL/USG
  Export a Certificate from ZyWALL/USG and Import it to Android Mobile Phone
  Set Up the L2TP VPN Tunnel on the Android Mobile Device
  Test the L2TP over IPSec VPN Tunnel
  What Could Go Wrong?
How to Configure the L2TP VPN with Apple MAC OS X 10.11 Operating System
  Set Up the L2TP VPN Tunnel on the ZyWALL/USG
  Set Up the L2TP VPN Tunnel on the Apple MAC OS X 10.11 El Capitan Operating System
  Test the L2TP over IPSec VPN Tunnel
  What Could Go Wrong?
How to configure if I want user can only see SSL VPN Login button in web portal login page
  Set Up the DNS Service
  Set Up the ZyWALL/USG SSL VPN Setting
  Set Up the ZyWALL/USG System Setting
  Test the SSL VPN
How to Deploy SSL VPN with Apple Mac OS X 10.10 Operating System
  Set Up the SSL VPN Tunnel on the ZyWALL/USG
  Set Up the SSL VPN Tunnel on the Apple MAC OS X 10.10 Operating System
  Test the SSL VPN Tunnel
  What Could Go Wrong?
How To Configure SSL VPN for Remote Access Mobile Devices
  Set Up the SSL VPN Tunnel on the ZyWALL/USG
  Test the SSL VPN Tunnel
  What Could Go Wrong?
How to Configure an SSL VPN Tunnel (with SecuExtender version 4.0.0.1) on the Windows 10 Operating System
  Set up the SSL VPN Tunnel with Windows 10
  What Can Go Wrong?
How to redirect multiple LAN interface traffic to the VPN tunnel
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (HQ)
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (Branch)
  Set up the Policy Route (ZyWALL/USG_HQ)
  Set up the Policy Route (ZyWALL/USG_Branch)
  Test the IPSec VPN Tunnel
  What Could Go Wrong?
How to Create VTI and Configure VPN Failover with VTI
  VTI Deployment Flow
  Set Up the ZyWALL/USG VTI of Corporate Network (HQ)
  Set Up the ZyWALL/USG VTI of Corporate Network (Branch)
  Test the IPSec VPN Tunnel
  What Can Go Wrong?
How to configure the USG when using a Cloud Based SIP system
  Set Up the SIP ALG
  Test result
  What could go wrong?
How to block HTTPS websites by Domain Filter without applying SSL Inspection
  Set Up the Content Filter on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Set Up the System Policy on the ZyWALL/USG
  Test the Result
How to Configure Content Filter 2.0 with Geo IP Blocking
  Set Up the Address Object with Geo IP on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Test the Result
  What Could Go Wrong?
How to Configure Content Filter 2.0 with HTTPs Domain Filter
  Application Scenario
  Set Up the Content Filter on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Set Up the System Policy on the ZyWALL/USG
  Test the Result
  What Could Go Wrong?
How to block the client accessing to certain country using Geo IP and Content Filter
  Check Geo IP License Status on the ZyWALL/USG
  Set Up the Address Object with Geo IP on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Test the Result
How to Restrict Web Portal access from the Internet
  Set Up the ZyWALL/USG System Setting
  Test the Web Access
How to Setup and Configure Daily Report
  Set Up the ZyWALL/USG Email Daily Report Setting
  Test the Daily Log Report
  What Could Go Wrong?
How to Setup and Configure Email Logs
  Set Up the ZyWALL/USG Email Logs Setting
  Test the Email Log
  What Could Go Wrong?
How to Setup and send logs to a Syslog Server
  Set Up the Syslog Server (Use Papertrail syslog in this example)
  Set Up the ZyWALL/USG Remote Server Setting
  Test the Remote Server
  What Could Go Wrong?
How to Setup and send logs to a Vantage Reports Server
  Set Up the VRPT Server
  Set Up the ZyWALL/USG Remote Server Setting
  Test the Remote Server
  What Could Go Wrong?
How to Setup and send logs to the USB storage
  Set Up the USB System Settings
  Set Up the USB Log Storage
  Check the USG Log Files
How to Activate a Free Access Hotspot
  Set up the Free Access Hotspot
  Test the User Agreement and Advertisement Webpage
  What could Go Wrong?
  Set up Enable the Free Time Feature
  Test Free Time Feature
  What Can Go Wrong?
How to Setup IPv6 Interfaces for Pure IPv6 Routing
  Setting Up the IPv6 Interface
  Set up the Prefix Delegation and Router Advertisement
  Test
  What Can Go Wrong?
  Test
How to Perform and Use the Packet Capture Feature on the ZyWALL/USG
  Set Up the Packet Capture Feature
  Check the Capture Files
How to Automatically Reboot the ZyWALL/USG by Schedule
  Set Up the Shell Script
  Set Up the Schedule Run
  Check the Reboot Status
How To Schedule YouTube Access
  Set Up the Schedule on the ZyWALL/USG
  Create the Application Objects on the ZyWALL/USG
  Set Up SSL Inspection on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Export Certificate from ZyWALL/USG and Import it to Windows 7 Operating System
  Test the Result
  What Could Go Wrong?
How to continuously run a ZySH script
  Set Up the Shell Script
  Set Up the Schedule Run
  Check the Result
How To Register Your Device and Services at myZyXEL.com
  Account Creation
  Device Registration
  Service Registration (In the Case of Standard License)
  Device Management (In the Case of Registering Bundled Licenses)
  Refresh Service
  What Could Go Wrong?
How To Exempt Specific Users From Security Control
  Set Up the Security Policy on the ZyWALL/USG for Employees
  Set Up the Security Policy on the ZyWALL/USG for Executives
  Test the Result
  What Could Go Wrong?
How To Detect and Prevent TCP Port Scanning with ADP
  Set Up the ADP Profile on the ZyWALL/USG
  Test the Result
  What Could Go Wrong?
How To Block Facebook
  Set Up the Content Filter on the ZyWALL/USG
  Set Up the SSL Inspection on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Export Certificate from ZyWALL/USG and Import it to Windows 7 Operating System
  Test the Result
  What Could Go Wrong?
How To Exempt Specific Users From a Blocked Website
  Set Up the Security Policy on the ZyWALL/USG for Employees
  Set Up the Security Policy on the ZyWALL/USG for Executives
  Test the Result
  What Could Go Wrong?
How To Control Access To Google Drive
  Set Up the SSL Inspection on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Export Certificate from ZyWALL/USG and Import it to Windows 7 Operating System
  Test the Result
  What Could Go Wrong?
How To Block HTTPS Websites Using Content Filtering and SSL Inspection
  Set Up the Content Filter on the ZyWALL/USG
  Set Up SSL Inspection on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Export Certificate from ZyWALL/USG and Import it to Windows 7 Operating System
  Test the Result
  What Could Go Wrong?
How To Block the Spotify Music Streaming Service
  Set Up IDP Profile on the ZyWALL/USG
  Test the Result
  What Could Go Wrong?
How does Anti-Malware work
  Enable Anti-Malware function to protect your traffic
  Test the result
  Additional configuration
  What can go wrong
How to Configure an Email Security Policy with Mail Scan and DNSBL
  Set Up the Email Security on ATP Series
  Test the result
  What can go wrong
How to Configure Botnet Filter on ATP series?
  Prerequisites before setting up Botnet Filter function
  License activation
  Update Botnet Filter Signatures
  Set Up the IP Blocking on the ATP series
  Test the Result
  Set up the URL Blocking on the ATP series
  Test the Result
How to Use Sandboxing to Detect Unknown Malware
  Set Up Sandboxing on ATP
  Test the Result
  What Can Go Wrong?
How to Configure Bandwidth Management for FTP and HTTP Traffic
  Set Up the Bandwidth Management for FTP on the ZyWALL/USG
  Set Up the Bandwidth Management for HTTP on the ZyWALL/USG
  Set Up the Bandwidth Management Global Setting on the ZyWALL/USG
  Test the Result
  What Could Go Wrong?
How to Limit BitTorrent or Other Peer-to-Peer Traffic
  Set Up the Application Patrol Profile on the ZyWALL/USG
Set Up the Bandwidth Management for BitTorrent on the
ZyWALL/USG ........................................................................................ 611
Set Up the Bandwidth Management Global Setting on the
ZyWALL/USG ........................................................................................ 613
Test the Result ...................................................................................... 613
What Could Go Wrong? .................................................................... 614
How to Configure a Trunk for WAN Load Balancing with a Static or
Dynamic IP Address ................................................................................. 615
Set Up the Available Bandwidth on WAN1 Interfaces on the
ZyWALL/USG ........................................................................................ 616
Set Up the Available Bandwidth on WAN2 Interfaces on the
ZyWALL/USG ........................................................................................ 617
Set Up the WAN Trunk on the ZyWALL/USG ...................................... 617
Test the Result ...................................................................................... 618
What Could Go Wrong? .................................................................... 619
How to Configure DNS Inbound Load Balancing to balance DNS Queries
Among Interfaces ..................................................................................... 620
Set Up the DNS Inbound Load Balancing on the ZyWALL/USG ..... 621
Set Up the NAT Rule on the ZyWALL/USG ......................................... 622
Test the Result ...................................................................................... 623
What Could Go Wrong? .................................................................... 624
How to Manage Voice Traffic .................................................................. 625
Set Up the SIP ALG on the ZyWALL/USG ........................................... 626
Set Up the Bandwidth Management for SIP on the ZyWALL/USG ... 626
Set Up the Bandwidth Management for P2P on the ZyWALL/USG ... 627
Set Up the Bandwidth Management for FTP on the ZyWALL/USG ... 628
Test the Result ...................................................................................... 630
What Could Go Wrong? .................................................................... 631
How to Manage ZyWALL/USG Configuration Files ................................. 632
Rename the Configuration Files from the ZyWALL/USG ................. 633
Download the Configuration Files on the ZyWALL/USG ................. 633
Copy the Configuration Files on the ZyWALL/USG .......................... 634
Apply the Configuration Files on the ZyWALL/USG ......................... 635
Upload the Configuration Files from the ZyWALL/USG ................... 636
What Could Go Wrong? .................................................................... 636
How to Manage ZyWALL/USG Firmware ................................................. 637
Download the Current Firmware Version from ZyXEL.com ............. 638
Upload the Firmware on the ZyWALL/USG ....................................... 639
What Could Go Wrong? .................................................................... 642
How to Get Started Using the Wizards .................................................... 643
Set Up the Internet Access (Ethernet) Wizard on the ZyWALL/USG
.............................................................................................................. 643
Set Up the Internet Access (PPPoE) Wizard on the ZyWALL/USG .. 647
Set Up the Internet Access (PPTP) Wizard on the ZyWALL/USG ..... 650
Set Up the Wireless Settings Wizard on the ZyWALL/USG ................ 654
Set Up the Device Registration on the ZyWALL/USG ...................... 656
How to Configure the 3G/LTE Interface on the ZyWALL/USG as a WAN
Backup ...................................................................................................... 658
Set Up the 3G/LTE Interface on the ZyWALL/USG ........................... 659
Set Up the Trunk on the ZyWALL/USG ............................................... 660
Test the Result ...................................................................................... 661
What Could Go Wrong? .................................................................... 662
How to Configure Two Different WAN Interfaces with Different IP
Addresses in the Same VLAN .................................................................. 663
Set Up the Port Grouping on the ZyWALL/USG ................................ 664
Set Up the VLAN on the ZyWALL/USG .............................................. 664
Set Up the Routing on the ZyWALL/USG ........................................... 666
Test the Result ...................................................................................... 666
What Could Go Wrong? .................................................................... 667
How to Let a Server Use the Same Public IP Address as the WAN
Interface Using the Bridge Interface ....................................................... 667
Set Up the Bridge Interface on the ZyWALL/USG ............................ 668
Test the Result ...................................................................................... 670
What Could Go Wrong? .................................................................... 671
How to Allow Public Access to a Server Behind ZyWALL/USG ............. 671
Set Up the NAT on the ZyWALL/USG ................................................. 672
Set Up the Security Policy on the ZyWALL/USG ............................... 673
Test the Result ...................................................................................... 674
What Could Go Wrong? .................................................................... 674
How to Set Up a WiFi Network with ZyXEL APs ........................................ 676
Set Up the AP Management on the ZyWALL/USG .......................... 677
Test the Result ...................................................................................... 679
What Could Go Wrong? .................................................................... 680
How to Set Up Guest WiFi Network Accounts ........................................ 681
Set Up the WiFi Guest Account, Address Range and Service Rule on
the ZyWALL/USG ................................................................................. 682
Set Up the Web Authentication on the ZyWALL/USG ..................... 684
Set Up the Security Policy on the ZyWALL/USG ............................... 685
Test the Result ...................................................................................... 686
What Could Go Wrong? .................................................................... 689
How to create a Wi-Fi VLAN interfaces to separate staff network and
Guest network ........................................................................................... 691
Set up Wi-Fi VLAN interfaces ............................................................. 692
Test result ............................................................................................. 702
What could go wrong ........................................................................ 704
How to Set Up WiFi Networks with Microsoft Active Directory
Authentication .......................................................................................... 706
Set Up the Wi-Fi Guest Account and Authentication Method on the
ZyWALL/USG ........................................................................................ 707
Set Up the Active Directory Server Account on the ZyWALL/USG 708
Set Up the Security Policy on the ZyWALL/USG ............................... 709
Test the Result ...................................................................................... 710
What Could Go Wrong? .................................................................... 712
How to Set Up IPv6 Interfaces for Pure IPv6 Routing .............................. 713
Enable the IPv6 on the ZyWALL/USG ................................................ 714
Set Up the WAN IPv6 Interface on the ZyWALL/USG ...................... 715
Set Up the LAN IPv6 Interface on the ZyWALL/USG ........................ 715
Test the Result ...................................................................................... 716
What Could Go Wrong? .................................................................... 718
How to Set Up an IPv6 6to4 Tunnel .......................................................... 718
Set Up the LAN IPv6 Interface on the ZyWALL/USG ........................ 719
Set Up the 6to4 Tunnel on the ZyWALL/USG .................................... 721
Test the Result ...................................................................................... 722
What Could Go Wrong? .................................................................... 723
How to Set Up an IPv6-in-IPv4 Tunnel ..................................................... 723
Set Up the LAN IPv6 Interface on the ZyWALL/USG ........................ 724
Set Up the 6to4 Tunnel on the ZyWALL/USG .................................... 725
Set Up the Policy Route on the ZyWALL/USG ................................... 726
Test the Result ...................................................................................... 727
What Could Go Wrong? .................................................................... 728
How to Update Firmware Automatically from a USB Storage .............. 729
Automatic USB Firmware Upgrade Flow ............................................... 729
Enable the USB Firmware Upgrade Function by CLI Command ... 730
Save the Firmware on the USB .......................................................... 730
Plug the USB into the Device ............................................................. 731
The Device Checks Running Partition for the Model ID and the
Firmware Version ................................................................................ 731
Check Firmware Status ...................................................................... 732
What Can Go Wrong? ....................................................................... 733
How to Configure DHCP Option 60 – Vendor Class Identifier ............... 735
DHCP Option 60 Deployment Flow ...................................................... 736
Setting Up DHCP Option 60 on the Web GUI ................................... 736
Setting Up DHCP Option 60 on the CLI ............................................. 737
Test DHCP Option 60 .......................................................................... 738
What Can Go Wrong? ....................................................................... 738
How to Configure Device HA Pro ............................................................ 739
Device HA Pro License ....................................................................... 740
Behavior of the Device HA Pro ......................................................... 740
Device-HA Pro Setting Screen ........................................................... 740
Suggestions ......................................................................................... 742
How do I Configure Device HA Pro in My Current Environment? .. 743
What can go wrong? ......................................................................... 747
How to setup Two-Factor Authentication for admin login .................... 748
Setup SMTP function on your device ................................................ 748
Create admin type user on device .................................................. 749
Setup Two-Factor Authentication for admin on your device ........ 750
Test the Result ...................................................................................... 751
What Can Go Wrong? ....................................................................... 753
How to configure Email Security for Phishing mail? .............................. 755
How it works ........................................................................................ 755
Set up Phishing on ATP ....................................................................... 756
Test the Result ...................................................................................... 757
What Can Go Wrong? ....................................................................... 757
How to setup Email to SMS ....................................................................... 759
Setup SMTP function on your device ................................................ 759
Setup Email to SMS Provider configuration ...................................... 760
Create admin type user on device .................................................. 761
Setup Two-Factor Authentication for admin on your device ........ 761
Test the Result ...................................................................................... 762
What Can Go Wrong? ....................................................................... 764
How to Use IP Reputation to Detect Threats ........................................... 765
Activating Reputation Filter Service ................................................. 766
Enabling IP Blocking on ATP .............................................................. 766
Selecting specific type of IP addresses to block ............................. 767
Adding IP addresses to white list and black list ............................... 767
Monitoring statistics for IP detection ................................................. 768
Test the Result ...................................................................................... 768
What Can Go Wrong? ....................................................................... 770
How to Use Two Factor with Google Authenticator for Admin Access?
.................................................................................................................... 771
Two Factor with Google Authenticator Flow ................................... 772
Enable Google Authentication on specific admin user ................. 772
Set up Google Authenticator ........................................................... 773
Configure valid time and login service types .................................. 777
Test the Result ...................................................................................... 778
What Can Go Wrong? ........................................................................ 779
How to Configure Schedule Reboot in Device HA ................................ 781
Configurations .................................................................................... 781
Verification .......................................................................................... 782
What could go wrong ........................................................................ 782
How to Configure Reputation Filter- DNS Filter ....................................... 784
Set Up the DNS Filter on ATP Series .................................................... 785
Test the Result .................................................................................... 785
What Could Go Wrong? .................................................................... 787
How to customize external block list in Reputation Filter ..................... 788
Configure Block list in .txt file ............................................................. 789
Configure External Block list setting .................................................. 789
Check External Block List update status ........................................... 791
Verification .......................................................................................... 792
What Can Go Wrong ......................................................................... 793
How to set up Link Aggregation Group (LAG) ....................................... 794
Set up the Active-backup, 802.3ad, Balance-alb .......................... 794
Set up the balance-alb mode. ......................................................... 798
Test the Result ..................................................................................... 800
What can go wrong ........................................................................... 801
Remote access VPN Wizard .................................................................... 802
Set up VPN Tunnel .............................................................................. 802
Test the result ....................................................................................... 808
What can go wrong ........................................................................... 809
How to Configure Site-to-site IPSec VPN with Amazon VPC
This example shows how to use the VPN Setup Wizard to create a site-to-site
VPN between a ZyWALL/USG and an Amazon VPC platform. It shows how to
configure the VPN tunnel at each site. Once the VPN tunnel is configured,
each site can be accessed securely.
ZyWALL/USG Site-to-site IPSec VPN with Amazon VPC
Note:
All network IP addresses and subnet masks are used as examples in this article.
Please replace them with your actual network IP addresses and subnet masks.
This example was tested using USG110 (Firmware Version: ZLD 4.25) and Amazon
VPC (June, 2016).
Set Up the IPSec VPN Tunnel on the Amazon VPC
1 Sign in to the Amazon AWS Management Console. Go to Networking > VPC.
Amazon AWS Management Console > Networking > VPC
2 In the upper left-hand corner of the screen, click Start VPC Wizard.
Amazon VPC Management Console > Networking > VPC > Start VPC Wizard
3 In Select a VPC Configuration, select VPC with a Private Subnet Only and
Hardware VPN Access, and then click Select.
Select a VPC Configuration > VPC with a Private Subnet Only and Hardware VPN
Access
4 In VPC with a Private Subnet Only and Hardware VPN, add your IP CIDR block and
Private subnet. Click Next.
VPC with a Private Subnet Only and Hardware VPN
5 In Configure your VPN, add your ZyWALL/USG public IP address into Customer
Gateway IP. Enter your Customer Gateway name and VPN Connection name.
Click Create VPC at the bottom of the blade.
Configure your VPN
6 In the VPC Dashboard, go to VPN Connections. Select Download Configuration
from the upper bar. Select Vendor and Platform to be Generic. Click Yes,
Download.
VPC Dashboard > VPN Connections
7 Open the downloaded configuration .txt file. It displays the IKE SA, IPSec SA and
Gateway IP address. Make sure all the settings match your ZyWALL/USG's
settings.
Configuration .txt File
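The comparison in step 7 can be scripted so that a mismatched proposal is caught before the tunnel is brought up. This is an added example, not part of the handbook: the sample file is constructed, and its "- Key : value" layout, the `PLANNED` dictionary and all function names are assumptions to adapt to the file you actually downloaded.

```python
import hmac
import re

# Constructed sample; the "- Key : value" layout and key names are assumptions.
SAMPLE_AWS_CONFIG = """\
Configure the IKE SA as follows:
  - Pre-Shared Key           : EXAMPLE-PLACEHOLDER-KEY
  - Authentication Algorithm : sha1
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 28800 seconds
  - Phase 1 Negotiation Mode : main
  - Diffie-Hellman           : Group 2
Configure the IPSec SA as follows:
  - Authentication Algorithm : hmac-sha1-96
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 3600 seconds
  - Perfect Forward Secrecy  : Diffie-Hellman Group 2
Outside IP Addresses:
  - Virtual Private Gateway  : 52.39.135.203
"""

# Hypothetical record of the values typed into the ZyWALL/USG wizard.
PLANNED = {
    ("gateway", "virtual private gateway"): "52.39.135.203",
    ("ike", "phase 1 negotiation mode"): "main",
    ("ike", "encryption algorithm"): "aes128",
    ("ike", "authentication algorithm"): "sha1",
    ("ike", "diffie-hellman"): "dh2",
    ("ike", "lifetime"): 86400,  # deliberately differs from the sample file
    ("ipsec", "encryption algorithm"): "aes128",
    ("ipsec", "authentication algorithm"): "sha1",
    ("ipsec", "perfect forward secrecy"): "dh2",
    ("ipsec", "lifetime"): 3600,
}

RULES = [(r".*group\s*(\d+)", "dh{}"), (r"aes-?(\d+)(?:-cbc)?", "aes{}"),
         (r"(?:hmac-)?(sha\d+|md5)(?:-\d+)?", "{}")]

def parse_aws_config(text):
    """Return {(section, key): raw value} for each '- Key : value' line."""
    section, out = None, {}
    for line in text.splitlines():
        head = re.match(r"Configure the (IKE|IPSec) SA|(Outside IP)", line)
        item = re.match(r"\s*-\s*(.+?)\s*:\s*(.+?)\s*$", line)
        if head:
            section = (head.group(1) or "gateway").lower()
        elif item and section:
            out[(section, item.group(1).lower())] = item.group(2)
    return out

def normalize(value):
    """Map AWS spellings (Group 2, aes-128-cbc, hmac-sha1-96) to short forms."""
    v = value.lower()
    if m := re.fullmatch(r"(\d+)\s*seconds", v):
        return int(m.group(1))
    for pattern, fmt in RULES:
        if m := re.fullmatch(pattern, v):
            return fmt.format(m.group(1))
    return v

def find_mismatches(aws_text, planned):
    """List (key, value in AWS file or None, planned value) per disagreement."""
    found = {k: normalize(v) for k, v in parse_aws_config(aws_text).items()}
    return [(k, found.get(k), want) for k, want in planned.items()
            if found.get(k) != want]

def psk_matches(aws_text, entered_psk):
    """Compare the pre-shared key without ever printing or logging it."""
    aws_psk = parse_aws_config(aws_text).get(("ike", "pre-shared key"), "")
    return hmac.compare_digest(aws_psk.encode(), entered_psk.encode())

if __name__ == "__main__":
    for (section, key), have, want in find_mismatches(SAMPLE_AWS_CONFIG, PLANNED):
        print(f"{section} {key}: AWS file has {have!r}, ZyWALL plan has {want!r}")
```

The pre-shared key is only ever compared, never echoed, so the mismatch report can be shared without exposing it.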
Set Up the IPSec VPN Tunnel on the ZyWALL/USG
In the ZyWALL/USG, go to Quick Setup > VPN Setup Wizard and use the VPN Settings
wizard to create a VPN rule that can be used with the Amazon VPC. Click Next.
Quick Setup > VPN Setup Wizard > Welcome
Choose Advanced to create a VPN rule with customized phase 1 and phase 2
settings and authentication method. Click Next.
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type
Type the Rule Name used to identify this VPN connection (and VPN gateway).
You may use 1-31 alphanumeric characters. This value is case-sensitive. Select
the rule to be Site-to-site. Click Next.
Quick Setup > VPN Setup Wizard > Wizard Type > VPN Settings (Scenario)
Then, configure the Secure Gateway IP as the peer Amazon VPC’s Gateway IP
address (in the example, 52.39.135.203); select My Address to be the interface
connected to the Internet.
Set the Negotiation, Encryption, Authentication, Key Group and SA Life Time
which Amazon VPC supports. Type a secure Pre-Shared Key.
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Phase 1
Setting)
Continue to Phase 2 Settings to select the Encapsulation, Encryption,
Authentication, and SA Life Time settings which Amazon VPC supports.
Set Local Policy to be the IP address range of the network connected to the
ZyWALL/USG and Remote Policy to be the IP address range of the network
connected to the Amazon VPC. Click OK.
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings
(Phase 2 Setting)
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings
(Summary)
Now the rule is configured on the ZyWALL/USG. The Phase 1 rule settings appear
in the VPN > IPSec VPN > VPN Gateway screen and the Phase 2 rule settings
appear in the VPN > IPSec VPN > VPN Connection screen. Click Close to exit the
wizard.
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings >
Wizard Completed
Test the IPSec VPN Tunnel
Go to ZyWALL/USG CONFIGURATION > VPN > IPSec VPN > VPN Connection, click
Connect on the upper bar. The Status connect icon is lit when the interface is
connected.
CONFIGURATION > VPN > IPSec VPN > VPN Connection
Go to ZyWALL/USG MONITOR > VPN Monitor > IPSec and verify the tunnel Up
Time and the Inbound(Bytes)/Outbound(Bytes) traffic.
MONITOR > VPN Monitor > IPSec
To test whether the tunnel is working, ping from the local LAN to the AWS VPC
private subnet. Ensure that both computers have Internet access.