Zyxel USG20-VPN, USG20W-VPN, USG FLEX 50 User's Guide

Download

Default Login Details

User’s Guide

ZyWALL USG FLEX 50/ 50W Series

https://myrouter.local

https://192.168.1.1 User Name admin Password 1234

Version 5.35 Edition 1, 01/2023

IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.

This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in product features or web configurator brand style. Every effort has been made to ensure that the information in this manual is accurate.

Note: The version number on the cover page refers to the Zyxel Device’s latest firmware

version to which this User’s Guide applies.

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this guide.

Warnings tell you about things that could harm you or your device.

Note: Notes tell you other important information (for example, other things you may need to

configure or helpful tips) or recommendations.

Syntax Conventions

• All models in this series may be referred to as the “Zyxel Device” in this guide.

• Product labels, screen names, field labels and field choices are all in bold font.

• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Configuration >

Network > Interface > Ethernet means you first click Configuration in the navigation panel, then Network, then the Interface sub menu and finally the Ethernet tab to get to that screen.

Icons Used in Figures

Figures in this user guide may use the following generic icons. The Zyxel Device icon is not an exact representation of your device.

Zyxel Device Generic Router Wireless Router / Access Point

Switch Firewall Server

Internet Network Cloud Smartphone

USB Dongle

USG FLEX 50(W) Series User’s Guide

Contents Overview

Introduction ........................................................................................................................................... 23

Initial Setup Wizard ............................................................................................................................... 57

Hardware, Interfaces and Zones ........................................................................................................ 83

Easy Mode ............................................................................................................................................. 89

Quick Setup Wizards ........................................................................................................................... 153

Dashboard .......................................................................................................................................... 199

Monitor ................................................................................................................................................. 210

Licensing .............................................................................................................................................. 261

Wireless ................................................................................................................................................. 264

Interfaces ............................................................................................................................................. 278

Routing ................................................................................................................................................. 379

DDNS ................................................................................................................................................... 406

NAT ....................................................................................................................................................... 412

Redirect Service .................................................................................................................................. 421

ALG ....................................................................................................................................................... 427

UPnP ..................................................................................................................................................... 434

IP/MAC Binding ................................................................................................................................... 449

Layer 2 Isolation .................................................................................................................................. 454

DNS Inbound LB .................................................................................................................................. 458

IPSec VPN ............................................................................................................................................ 464

SSL VPN ................................................................................................................................................ 502

L2TP VPN .............................................................................................................................................. 508

BWM (Bandwidth Management) ..................................................................................................514

Web Authentication .......................................................................................................................... 530

Security Policy ..................................................................................................................................... 553

Content Filter ....................................................................................................................................... 584

Anti-Spam ............................................................................................................................................ 626

Astra Cloud Security ........................................................................................................................... 642

Object .................................................................................................................................................. 645

Mgmt. & Analytics ............................................................................................................................. 734

System .................................................................................................................................................. 746

Log and Report ................................................................................................................................... 810

File Manager ....................................................................................................................................... 823

Diagnostics ......................................................................................................................................... 843

Packet Flow Explore ........................................................................................................................... 859

Shutdown ............................................................................................................................................. 866

Troubleshooting .................................................................................................................................. 871

USG FLEX 50(W) Series User’s Guide

Table of Contents

Document Conventions ............................................ ............................................ .... ... .... ...................3

Contents Overview .............................................................................................................................4

Table of Contents.................................................................................................................................5

Part I: User’s Guide.......................................................................................... 22

Chapter 1

Introduction ........................................................................................................................................23

1.1 Overview ......................................................................................................................................... 23

1.1.1 Model Feature Differences .................................................................................................. 23

1.2 On Premises Mode ......................................................................................................................... 24

1.3 Nebula Mode .................................................................................................................................. 25

1.3.1 NCC Portal ............................................................................................................................. 26

1.3.2 Your Zyxel Device .................................................................................................................. 26

1.3.3 Your Email Account for ZTP .................................................................................................. 27

1.4 Change the Mode ......................................................................................................................... 27

1.4.1 From Nebula Mode to On Premises Mode ........................................................................ 27

1.4.2 From On Premises Mode to Nebula Mode ........................................................................ 28

1.5 Registration at myZyxel .................................................................................................................. 29

1.5.1 Applications ........................................................................................................................... 30

1.6 Management Overview ................................................................................................................ 32

1.7 Web Configurator ........................................................................................................................... 34

1.7.1 Web Configurator Access .................................................................................................... 34

1.7.2 Security Check for Web Interface Overview ..................................................................... 37

1.7.3 The Security Check for Web Interface Screen .................................................................. 40

1.7.4 Remote Access to the Zyxel Device Networks .................................................................. 42

1.7.5 Web Configurator Screens Overview ................................................................................. 42

1.7.6 Navigation Panel .................................................................................................................. 47

1.7.7 Tables and Lists ...................................................................................................................... 53

Chapter 2

Initial Setup Wizard.............................................................................................................................57

2.1 Initial Setup Wizard: Select Management Mode ........................................................................ 57

2.1.1 Welcome Screen .................................................................................................................. 58

2.1.2 Internet Access Setup - WAN Interface .............................................................................. 58

2.1.3 Internet Access: Ethernet .................................................................................................... 60

USG FLEX 50(W) Series User’s Guide

Table of Contents

2.1.4 Internet Access: PPPoE ......................................................................................................... 61

2.1.5 Internet Access: PPTP ........................................................................................................... 62

2.1.6 Internet Access: L2TP ............................................................................................................ 64

2.1.7 Internet Access Setup - Second WAN Interface ............................................................... 66

2.1.8 Internet Access: Congratulations ....................................................................................... 67

2.1.9 Date and Time Settings ........................................................................................................ 68

2.1.10 Register Device ................................................................................................................... 68

2.1.11 Activate Service .................................................................................................................. 70

2.1.12 Service Settings .................................................................................................................... 71

2.1.13 Service Settings: SecuReporter ..........................................................................................71

2.1.14 Wireless Settings: Management Mode ............................................................................. 73

2.1.15 Wireless Settings: AP Controller ......................................................................................... 73

2.1.16 Wireless Settings: SSID & Security ...................................................................................... 73

2.1.17 Remote Management ......................................................................................................74

2.2 Nebula Mode Initial Setup Wizard ................................................................................................ 75

2.2.1 Connect to Internet (WAN) ................................................................................................. 76

2.2.2 Internet Access: Ethernet ..................................................................................................... 77

2.2.3 Internet Access: PPPoE ......................................................................................................... 78

2.2.4 Internet Access: Congratulations ....................................................................................... 80

2.2.5 QR Code ................................................................................................................................ 81

Chapter 3

Hardware, Interfaces and Zones......................................................................................................83

3.1 Hardware Overview ....................................................................................................................... 83

3.1.1 Front Panels ............................................................................................................................ 83

3.1.2 Rear Panels ............................................................................................................................ 84

3.2 Installation Scenarios ...................................................................................................................... 85

3.2.1 Desk-mounting ...................................................................................................................... 85

3.2.2 Wall-mounting ....................................................................................................................... 86

3.3 Default Zones, Interfaces, and Ports ............................................................................................ 88

3.4 Stopping the Zyxel Device ............................................................................................................ 88

Chapter 4

Easy Mode..........................................................................................................................................89

4.1 Overview ........................................................................................................................................ 89

4.1.1 Objects and Rules ................................................................................................................. 89

4.1.2 Wizards and Links .................................................................................................................. 90

4.1.3 Easy Mode Settings ............................................................................................................... 91

4.1.4 Easy Mode Dashboard ......................................................................................................... 92

4.2 Initial Setup Wizard - Language and Overview ........................................................................ 94

4.2.1 Initial Setup Wizard - Internet ........................................................................................... 95

4.2.2 Initial Setup Wizard - Internet Access Errors ..................................................................... 95

4.2.3 Initial Setup Wizard - Date and Time ................................................................................ 97

USG FLEX 50(W) Series User’s Guide

Table of Contents

4.2.4 Initial Setup Wizard - Register Device .............................................................................. 98

4.2.5 Initial Setup Wizard - Activate Services ............................................................................ 99

4.2.6 Initial Setup Wizard - Wi-Fi ................................................................................................ 101

4.2.7 Initial Setup Wizard - Congratulations ............................................................................ 102

4.3 Initial Setup Wizard - Security Service ..................................................................................... 103

4.4 Initial Setup Wizard - Port Forwarding ....................................................................................... 105

4.5 Initial Setup Wizard - Guest LAN ............................................................................................... 106

4.5.1 Connecting AP Scenarios ..................................................................................................107

4.6 Initial Setup Wizard - VPN ........................................................................................................... 109

4.6.1 VPN Setup Wizard: Wizard Type ...................................................................................... 110

4.6.2 VPN Express Wizard - Scenario ......................................................................................... 110

4.6.3 VPN Express Wizard - Configuration ................................................................................ 113

4.6.4 VPN Express Wizard - Summary ........................................................................................ 113

4.6.5 VPN Express Wizard - Finish ............................................................................................... 114

4.6.6 VPN Advanced Wizard - Scenario .................................................................................. 115

4.6.7 VPN Advanced Wizard - Phase 1 Settings ..................................................................... 116

4.6.8 VPN Advanced Wizard - Phase 2 .................................................................................... 118

4.6.9 VPN Advanced Wizard - Summary ................................................................................. 119

4.6.10 VPN Advanced Wizard - Finish ...................................................................................... 121

4.7 VPN Settings for Configuration Provisioning Wizard: Wizard Type ......................................... 122

4.7.1 Configuration Provisioning Express Wizard - VPN Settings ............................................ 123

4.7.2 Configuration Provisioning VPN Express Wizard - Configuration ................................. 124

4.7.3 VPN Settings for Configuration Provisioning Express Wizard - Summary ..................... 125

4.7.4 VPN Settings for Configuration Provisioning Express Wizard - Finish .............................. 125

4.7.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario ................ 126

4.7.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings .... 127

4.7.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 ................. 129

4.7.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary ............... 130

4.7.9 VPN Settings for Configuration Provisioning Advanced Wizard- Finish ....................... 132

4.8 VPN Settings for L2TP VPN Settings Wizard ............................................................................... 133

4.8.1 L2TP VPN Settings 1 ............................................................................................................. 135

4.8.2 L2TP VPN Settings 2 ............................................................................................................ 135

4.8.3 VPN Settings for L2TP VPN Setting Wizard - Summary ................................................... 136

4.8.4 VPN Settings for L2TP VPN Setting Wizard Completed .................................................. 137

4.9 Port Forwarding ........................................................................................................................... 138

4.9.1 Port Forwarding > Add Client .......................................................................................... 139

4.9.2 Port Forwarding > Add Service ........................................................................................ 139

4.9.3 Port Forwarding > UPnP .................................................................................................... 139

4.10 Wi-Fi and Guest Network Wizard ........................................................................................... 141

4.10.1 Guest LAN (Wired Network) ........................................................................................... 142

4.10.2 Connecting AP Scenarios ................................................................................................ 143

4.11 Security Service Wizard .......................................................................................................... 144

4.11.1 Security Service Wizard 2 - Content Filter Categories ............................................... 145

USG FLEX 50(W) Series User’s Guide

Table of Contents

4.11.2 Security Service Wizard 3 - Websites ........................................................................... 147

4.11.3 Security Service Wizard 4 - Exemptions ...................................................................... 148

4.11.4 Security Service Wizard 5 - IDP/AV .............................................................................. 149

4.12 MyZyxel Portal ......................................................................................................................... 150

4.13 One Security Portal ................................................................................................................. 151

Chapter 5

Quick Setup Wizards........................................................................................................................153

5.1 Quick Setup Overview ................................................................................................................. 153

5.2 WAN Interface Quick Setup ........................................................................................................ 154

5.2.1 Choose an Ethernet Interface ........................................................................................... 154

5.2.2 Select WAN Type ................................................................................................................. 155

5.2.3 Configure WAN IP Settings ................................................................................................. 155

5.2.4 ISP and WAN and ISP Connection Settings ...................................................................... 156

5.2.5 Quick Setup Interface Wizard: Summary ......................................................................... 159

5.3 Remote Access VPN Setup-Scenario ......................................................................................... 160

5.3.1 IKEv2 IPSec Client- VPN Configuration ............................................................................. 161

5.3.2 IKEv2 IPSec Client- User Authentication ............................................................................ 163

5.3.3 IKEv2 IPSec Client- Summary ..............................................................................................163

5.3.4 IKEv2 IPSec Client-Config Provision ................................................................................... 164

5.3.5 L2TP over IPSec Client-VPN Configuration ....................................................................... 165

5.3.6 L2TP over IPSec Client- User Authentication .................................................................... 166

5.3.7 L2TP over IPSec Client- Summary ...................................................................................... 167

5.3.8 L2TP over IPSec Client-Config Provision ............................................................................ 168

5.4 VPN Setup Wizard ......................................................................................................................... 168

5.4.1 Welcome .............................................................................................................................. 168

5.4.2 VPN Setup Wizard: Wizard Type ........................................................................................ 169

5.4.3 VPN Express Wizard - Scenario .......................................................................................... 170

5.4.4 VPN Express Wizard - Configuration ................................................................................. 171

5.4.5 VPN Express Wizard - Summary ......................................................................................... 171

5.4.6 VPN Express Wizard - Finish ................................................................................................ 172

5.4.7 VPN Advanced Wizard - Scenario ................................................................................... 173

5.4.8 VPN Advanced Wizard - Phase 1 Settings ...................................................................... 174

5.4.9 VPN Advanced Wizard - Phase 2 ..................................................................................... 176

5.4.10 VPN Advanced Wizard - Summary ................................................................................ 177

5.4.11 VPN Advanced Wizard - Finish ....................................................................................... 179

5.5 VPN Settings for Configuration Provisioning Wizard: Wizard Type ........................................... 180

5.5.1 Configuration Provisioning Express Wizard - VPN Settings ............................................. 180

5.5.2 Configuration Provisioning VPN Express Wizard - Configuration .................................. 181

5.5.3 VPN Settings for Configuration Provisioning Express Wizard - Summary ...................... 182

5.5.4 VPN Settings for Configuration Provisioning Express Wizard - Finish .............................. 183

5.5.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario ................. 184

5.5.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings .... 185

USG FLEX 50(W) Series User’s Guide

Table of Contents

5.5.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 .................. 186

5.5.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary ................ 187

5.5.9 VPN Settings for Configuration Provisioning Advanced Wizard - Finish ....................... 190

5.6 VPN Settings for L2TP VPN Settings Wizard ................................................................................. 190

5.6.1 L2TP VPN Settings ................................................................................................................ 191

5.6.2 L2TP VPN Settings ................................................................................................................ 192

5.6.3 VPN Settings for L2TP VPN Setting Wizard - Summary .................................................... 192

5.6.4 VPN Settings for L2TP VPN Setting Wizard - Completed ................................................ 194

5.7 Wireless Setup Wizard ................................................................................................................... 194

5.7.1 SSID ....................................................................................................................................... 195

5.7.2 Radio .................................................................................................................................... 195

5.7.3 Summary .............................................................................................................................. 197

5.7.4 Wizard Completed ............................................................................................................. 197

Chapter 6

Dashboard........................................................................................................................................199

6.1 Overview ....................................................................................................................................... 199

6.1.1 What You Can Do in this Chapter ..................................................................................... 199

6.2 The General Screen ..................................................................................................................... 199

6.2.1 Device Information Screen ................................................................................................201

6.2.2 System Status Screen .......................................................................................................... 202

6.2.3 Tx/Rx Statistics ...................................................................................................................... 202

6.2.4 The Latest Logs Screen ....................................................................................................... 203

6.2.5 System Resources Screen ................................................................................................... 203

6.2.6 DHCP Table Screen ............................................................................................................. 204

6.2.7 Number of Login Users Screen ........................................................................................... 205

6.2.8 Current Login User ............................................................................................................... 206

6.2.9 VPN Status ............................................................................................................................ 206

6.2.10 SSL VPN Status .................................................................................................................... 207

6.3 The VPN Screen ............................................................................................................................ 207

Part II: Technical Reference.........................................................................209

Chapter 7

Monitor..............................................................................................................................................210

7.1 Overview ....................................................................................................................................... 210

7.1.1 What You Can Do in this Chapter ..................................................................................... 210

7.2 The Port Statistics Screen ............................................................................................................ 211

7.2.1 The Port Statistics Graph Screen ....................................................................................... 212

7.3 Interface Status Screen ................................................................................................................ 213

7.4 The Traffic Statistics Screen .......................................................................................................... 217

USG FLEX 50(W) Series User’s Guide

Table of Contents

7.5 The Session Monitor Screen ........................................................................................................ 220

7.6 The DHCP Table Screen ............................................................................................................... 222

7.7 The Device Insight Screen ........................................................................................................... 223

7.7.1 The Device Insight Edit Screen ...........................................................................................226

7.7.2 The Device Insight Feedback Screen ............................................................................... 227

7.8 The Login Users Screen ................................................................................................................. 228

7.9 IGMP Statistics ............................................................................................................................... 229

7.10 The DDNS Status Screen ............................................................................................................. 230

7.11 IP/MAC Binding ........................................................................................................................... 231

7.12 Cellular Status Screen ................................................................................................................ 231

7.12.1 More Information .............................................................................................................. 234

7.13 The UPnP Port Status Screen ..................................................................................................... 235

7.14 USB Storage Screen .................................................................................................................... 236

7.15 Ethernet Neighbor Screen ........................................................................................................ 237

7.16 FQDN Object Screen ................................................................................................................ 238

7.17 AP Information: Radio List ......................................................................................................... 240

7.17.1 Radio List: More Information ............................................................................................242

7.18 SSID Info .................................................................................................................................... 243

7.19 Station Info: Station List .............................................................................................................. 244

7.20 Station Info: Top N Stations ........................................................................................................ 246

7.21 Station Info: Single Station ......................................................................................................... 247

7.22 The IPSec Screen ........................................................................................................................ 248

7.22.1 Regular Expressions in Searching IPSec SAs ................................................................... 250

7.23 The SSL Screen ............................................................................................................................. 250

7.24 The L2TP over IPSec Screen ....................................................................................................... 251

7.25 The Content Filter Screen .......................................................................................................... 252

7.25.1 Web Content Filter ............................................................................................................ 252

7.25.2 DNS Content Filter ............................................................................................................. 253

7.26 The Anti-Spam Screens .............................................................................................................. 254

7.26.1 Anti-Spam Summary ......................................................................................................... 254

7.26.2 The Anti-Spam Status Screen ........................................................................................... 256

7.27 Log Screens ................................................................................................................................. 258

7.27.1 View Log ............................................................................................................................ 258

Chapter 8

Licensing...........................................................................................................................................261

8.1 Registration Overview .................................................................................................................. 261

8.1.1 What you Need to Know ....................................................................................................261

8.1.2 Registration Screen ............................................................................................................. 261

8.1.3 Service Screen ..................................................................................................................... 262

Chapter 9

Wireless.............................................................................................................................................264

USG FLEX 50(W) Series User’s Guide

Table of Contents

9.1 Overview ....................................................................................................................................... 264

9.1.1 What You Can Do in this Chapter ..................................................................................... 264

9.2 Built-in AP ...................................................................................................................................... 264

9.2.1 Wireless > Built-in AP > General >Add/Edit SSID ............................................................... 265

9.2.2 Wireless > Built-in AP > Radio .............................................................................................. 269

9.3 Technical Reference .................................................................................................................... 276

9.3.1 Dynamic Channel Selection .............................................................................................. 276

9.3.2 Load Balancing ................................................................................................................... 277

Chapter 10

Interfaces..........................................................................................................................................278

10.1 Interface Overview .................................................................................................................... 278

10.1.1 What You Can Do in this Chapter ................................................................................... 278

10.1.2 What You Need to Know ................................................................................................. 279

10.1.3 What You Need to Do First ...............................................................................................283

10.2 Port Role ....................................................................................................................................... 283

10.3 Port Group ................................................................................................................................... 284

10.4 Port Configuration ...................................................................................................................... 285

10.5 Ethernet Summary Screen ......................................................................................................... 287

10.5.1 Ethernet Edit ...................................................................................................................... 289

10.5.2 Proxy ARP ........................................................................................................................... 305

10.5.3 Virtual Interfaces .............................................................................................................. 306

10.5.4 References ......................................................................................................................... 308

10.5.5 Add/Edit DHCPv6 Request/Release Options ................................................................. 308

10.5.6 Add/Edit DHCP Extended Options ................................................................................. 309

10.6 PPP Interfaces ............................................................................................................................. 311

10.6.1 PPP Interface Summary .................................................................................................... 311

10.6.2 PPP Interface Add or Edit ................................................................................................ 313

10.7 Cellular Configuration Screen ................................................................................................... 318

10.7.1 Cellular Choose Slot ......................................................................................................... 321

10.7.2 Add / Edit Cellular Configuration .................................................................................... 321

10.8 Tunnel Interfaces ........................................................................................................................ 327

10.8.1 Configuring a Tunnel ........................................................................................................ 329

10.8.2 Tunnel Add or Edit Screen ................................................................................................ 330

10.9 VLAN Interfaces ......................................................................................................................... 334

10.9.1 VLAN Summary Screen .....................................................................................................335

10.9.2 VLAN Add/Edit ................................................................................................................. 336

10.10 Bridge Interfaces ...................................................................................................................... 348

10.10.1 Bridge Summary .............................................................................................................. 349

10.10.2 Bridge Add/Edit .............................................................................................................. 351

10.11 VTI ............................................................................................................................................... 361

10.11.1 Restrictions for IPSec Virtual Tunnel Interface .............................................................. 362

10.11.2 VTI Screen ........................................................................................................................ 362

USG FLEX 50(W) Series User’s Guide

Table of Contents

10.11.3 VTI Add/Edit ..................................................................................................................... 363

10.12 Trunk Overview ......................................................................................................................... 367

10.12.1 What You Need to Know ............................................................................................... 367

10.13 The Trunk Summary Screen ...................................................................................................... 370

10.13.1 Configuring a User-Defined Trunk ................................................................................. 371

10.13.2 Configuring the System Default Trunk .......................................................................... 373

10.14 Interface Technical Reference ............................................................................................... 374

Chapter 11

Routing..............................................................................................................................................379

11.1 Policy and Static Routes Overview ........................................................................................... 379

11.1.1 What You Can Do in this Chapter ................................................................................... 379

11.1.2 What You Need to Know ................................................................................................ 380

11.2 Policy Route Screen ................................................................................................................... 381

11.2.1 Policy Route Edit Screen .................................................................................................. 383

11.3 IP Static Route Screen ................................................................................................................ 388

11.3.1 Static Route Add/Edit Screen .......................................................................................... 388

11.4 Policy Routing Technical Reference ........................................................................................390

11.5 Routing Protocols Overview ..................................................................................................... 390

11.5.1 What You Need to Know ................................................................................................. 391

11.6 The RIP Screen ............................................................................................................................. 391

11.7 The OSPF Screen ......................................................................................................................... 393

11.7.1 Configuring the OSPF Screen .......................................................................................... 396

11.7.2 OSPF Area Add/Edit Screen ........................................................................................... 397

11.7.3 Virtual Link Add/Edit Screen ...........................................................................................399

11.8 BGP (Border Gateway Protocol) .............................................................................................. 400

11.8.1 Allow BGP Packets to Enter the Zyxel Device ................................................................ 401

11.8.2 Configuring the BGP Screen ............................................................................................ 401

11.8.3 The BGP Neighbors Screen .............................................................................................. 403

11.8.4 Example Scenario ............................................................................................................. 404

Chapter 12

DDNS ................................................................................................................................................406

12.1 DDNS Overview ........................................................................................................................... 406

12.1.1 What You Can Do in this Chapter ................................................................................... 406

12.1.2 What You Need to Know ................................................................................................. 406

12.2 The DDNS Screen ........................................................................................................................ 407

12.2.1 The Dynamic DNS Add/Edit Screen ................................................................................ 408

Chapter 13

NAT....................................................................................................................................................412

13.1 Overview ..................................................................................................................................... 412

13.2 NAT Overview ............................................................................................................................. 412

USG FLEX 50(W) Series User’s Guide

Table of Contents

13.2.1 What You Can Do in this Chapter ................................................................................... 412

13.2.2 What You Need to Know ................................................................................................. 412

13.3 The NAT Screen ........................................................................................................................... 414

13.3.1 The NAT Add/Edit Screen .................................................................................................415

13.4 NAT Technical Reference .......................................................................................................... 418

Chapter 14

Redirect Service...............................................................................................................................421

14.1 Overview ..................................................................................................................................... 421

14.1.1 HTTP Redirect ..................................................................................................................... 421

14.1.2 SMTP Redirect .................................................................................................................... 421

14.1.3 What You Can Do in this Chapter ................................................................................... 422

14.1.4 What You Need to Know ................................................................................................. 422

14.2 The Redirect Service Screen ..................................................................................................... 424

14.2.1 The Redirect Service Edit Screen ..................................................................................... 425

Chapter 15

ALG....................................................................................................................................................427

15.1 ALG Overview ............................................................................................................................. 427

15.1.1 What You Need to Know ................................................................................................. 427

15.1.2 Before You Begin ............................................................................................................... 430

15.2 The ALG Screen .......................................................................................................................... 430

15.3 ALG Technical Reference ......................................................................................................... 432

Chapter 16

UPnP...................................................................................................................................................434

16.1 UPnP and NAT-PMP Overview ................................................................................................... 434

16.2 What You Need to Know ........................................................................................................... 434

16.2.1 NAT Traversal ..................................................................................................................... 434

16.2.2 Cautions with UPnP and NAT-PMP .................................................................................. 435

16.3 UPnP Screen ................................................................................................................................ 435

16.4 Technical Reference .................................................................................................................. 436

16.4.1 Turning on UPnP in Windows 7 Example ......................................................................... 436

16.4.2 Turn on UPnP in Windows 10 Example ............................................................................ 440

16.4.3 Auto-discover Your UPnP-enabled Network Device .................................................... 442

16.4.4 Web Configurator Easy Access in Windows 7 ............................................................... 445

16.4.5 Web Configurator Easy Access in Windows 10 ............................................................. 447

Chapter 17

IP/MAC Binding................................................................................................................................449

17.1 IP/MAC Binding Overview ......................................................................................................... 449

17.1.1 What You Can Do in this Chapter ................................................................................... 449

17.1.2 What You Need to Know ................................................................................................. 449

USG FLEX 50(W) Series User’s Guide

Table of Contents

17.2 IP/MAC Binding Summary ......................................................................................................... 450

17.2.1 IP/MAC Binding Edit .......................................................................................................... 451

17.2.2 Static DHCP Edit ................................................................................................................ 452

17.3 IP/MAC Binding Exempt List ....................................................................................................... 453

Chapter 18

Layer 2 Isolation...............................................................................................................................454

18.1 Overview ..................................................................................................................................... 454

18.1.1 What You Can Do in this Chapter ................................................................................... 454

18.2 Layer-2 Isolation General Screen ............................................................................................. 454

18.3 Allow List Screen ......................................................................................................................... 455

18.3.1 Add/Edit Allow List Rule ................................................................................................... 456

Chapter 19

DNS Inbound LB................................................................................................................................458

19.1 DNS Inbound Load Balancing Overview ................................................................................. 458

19.1.1 What You Can Do in this Chapter ................................................................................... 458

19.2 The DNS Inbound LB Screen ...................................................................................................... 459

19.2.1 The DNS Inbound LB Add/Edit Screen ............................................................................ 460

19.2.2 The DNS Inbound LB Add/Edit Member Screen ............................................................ 462

Chapter 20

IPSec VPN .........................................................................................................................................464

20.1 Virtual Private Networks (VPN) Overview ................................................................................. 464

20.1.1 What You Can Do in this Chapter ................................................................................... 466

20.1.2 What You Need to Know ................................................................................................. 466

20.1.3 Before You Begin ............................................................................................................... 469

20.2 The VPN Connection Screen ..................................................................................................... 469

20.2.1 The VPN Connection Add/Edit Screen .......................................................................... 471

20.3 The VPN Gateway Screen ......................................................................................................... 478

20.3.1 The VPN Gateway Add/Edit Screen ............................................................................... 480

20.4 VPN Concentrator ..................................................................................................................... 487

20.4.1 VPN Concentrator Requirements and Suggestions ...................................................... 488

20.4.2 VPN Concentrator Screen ............................................................................................... 488

20.4.3 The VPN Concentrator Add/Edit Screen ........................................................................ 489

20.5 Zyxel Device IPSec VPN Client Configuration Provisioning .................................................... 490

20.6 IPSec VPN Background Information ......................................................................................... 492

Chapter 21

SSL VPN..............................................................................................................................................502

21.1 Overview ..................................................................................................................................... 502

21.1.1 What You Can Do in this Chapter ................................................................................... 502

21.1.2 What You Need to Know ................................................................................................. 502

USG FLEX 50(W) Series User’s Guide

Table of Contents

21.2 The SSL Access Privilege Screen ................................................................................................ 503

21.2.1 The SSL Access Privilege Policy Add/Edit Screen ......................................................... 504

21.3 The SSL Global Setting Screen ................................................................................................... 506

Chapter 22

L2TP VPN..................................... ... .... .... ............................................ ... .... .........................................508

22.1 Overview ..................................................................................................................................... 508

22.1.1 What You Can Do in this Chapter ................................................................................... 508

22.1.2 What You Need to Know ................................................................................................. 508

22.2 L2TP VPN Screen ......................................................................................................................... 509

22.2.1 Example: L2TP and Zyxel Device Behind a NAT Router ................................................ 511

Chapter 23

BWM (Bandwidth Management) .................................................................................................514

23.1 Overview ..................................................................................................................................... 514

23.1.1 What You Can Do in this Chapter ................................................................................... 514

23.1.2 What You Need to Know ................................................................................................ 514

23.2 The Bandwidth Management Configuration .......................................................................... 518

23.2.1 The Bandwidth Management Add/Edit Screen ............................................................ 521

Chapter 24

Web Authentication ........................................................................................................................530

24.1 Web Auth Overview ................................................................................................................... 530

24.1.1 What You Can Do in this Chapter ................................................................................... 530

24.1.2 What You Need to Know ................................................................................................. 531

24.2 Web Authentication General Screen ...................................................................................... 531

24.2.1 User-aware Access Control Example ............................................................................. 537

24.2.2 Authentication Type Screen ............................................................................................ 543

24.2.3 Custom Web Portal / User Agreement File Screen ....................................................... 547

24.2.4 Facebook Wi-Fi Screen ..................................................................................................... 548

Chapter 25

Security Policy..................................................................................................................................553

25.1 Overview ..................................................................................................................................... 553

25.2 One Security ................................................................................................................................ 554

25.3 What You Can Do in this Chapter ............................................................................................ 557

25.3.1 What You Need to Know ................................................................................................. 557

25.4 The Security Policy Screen ......................................................................................................... 559

25.4.1 Configuring the Security Policy Control Screen ............................................................ 560

25.4.2 The Security Check for Web Interface Screen .............................................................. 563

25.4.3 The Security Policy Control Add/Edit Screen ................................................................. 565

25.5 Anomaly Detection and Prevention Overview ...................................................................... 567

25.5.1 The Anomaly Detection and Prevention General Screen ........................................... 567

USG FLEX 50(W) Series User’s Guide

Table of Contents

25.5.2 Creating New ADP Profiles ..............................................................................................569

25.5.3 Traffic Anomaly Profiles ................................................................................................... 571

25.5.4 Protocol Anomaly Profiles ................................................................................................ 573

25.5.5 The ADP Allow List Screen ................................................................................................ 577

25.5.6 Creating New ADP Allow List Rule ................................................................................... 578

25.6 The Session Control Screen ........................................................................................................ 578

25.6.1 The Session Control Add/Edit Screen .............................................................................. 580

25.7 Security Policy Example Applications ......................................................................................581

Chapter 26

Content Filter ....................................................................................................................................584

26.1 Overview ..................................................................................................................................... 584

26.1.1 What You Can Do in this Chapter ................................................................................... 584

26.1.2 What You Need to Know ................................................................................................. 584

26.1.3 Before You Begin ............................................................................................................... 586

26.2 Web Content Filter General Screen .........................................................................................587

26.2.1 Apply to a Security Policy ................................................................................................ 588

26.2.2 Web Content Filter Add Category Service .................................................................... 591

26.2.3 Content Filter Add Filter Profile Custom Service ........................................................... 604

26.3 Web Content Filter Trusted Web Sites Screen ........................................................................ 607

26.4 Web Content Filter Forbidden Web Sites Screen ................................................................... 608

26.5 DNS Content Filter General Screen .......................................................................................... 609

26.5.1 DNS Content Filter Add Profile ......................................................................................... 611

26.6 DNS Content Filter Allow List Screen ......................................................................................... 623

26.7 DNS Content Filter Block List Screen ......................................................................................... 624

26.8 Content Filter Technical Reference ......................................................................................... 624

Chapter 27

Anti-Spam.........................................................................................................................................626

27.1 Overview ..................................................................................................................................... 626

27.1.1 What You Can Do in this Chapter ................................................................................... 626

27.1.2 What You Need to Know ................................................................................................. 626

27.2 Before You Begin ........................................................................................................................ 627

27.3 The Anti-Spam Profile Screen .................................................................................................... 628

27.3.1 The Anti-Spam Profile Add or Edit Screen ...................................................................... 629

27.4 The Mail Scan Screen ................................................................................................................. 631

27.5 The Anti-Spam Block List Screen ............................................................................................... 632

27.5.1 The Anti-Spam Block or Allow List Add/Edit Screen ...................................................... 634

27.5.2 Regular Expressions in Block or Allow List Entries ............................................................ 635

27.6 The Anti-Spam Allow List Screen ............................................................................................... 635

27.7 The DNSBL Screen ....................................................................................................................... 637

27.8 Anti-Spam Technical Reference ............................................................................................... 638

USG FLEX 50(W) Series User’s Guide

Table of Contents

Chapter 28

Astra Cloud Security....................................... ... .... ..........................................................................642

28.1 Overview ..................................................................................................................................... 642

28.2 Astra Cloud Security Screen ...................................................................................................... 643

Chapter 29

Object...............................................................................................................................................645

29.1 The Device Insight Screen ......................................................................................................... 645

29.1.1 Device Insight Add/Edit Screen ...................................................................................... 646

29.1.2 Example: Block a Profile ................................................................................................... 647

29.2 Zones Overview .......................................................................................................................... 651

29.2.1 What You Need to Know ................................................................................................. 652

29.2.2 The Zone Screen ................................................................................................................ 653

29.3 User/Group Overview ................................................................................................................ 654

29.3.1 What You Need To Know ................................................................................................. 655

29.3.2 User/Group User Summary Screen .................................................................................. 657

29.3.3 User Add/Edit General Screen ........................................................................................ 658

29.3.4 User Add/Edit Two-factor Authentication Screen ........................................................ 662

29.3.5 User/Group Group Summary Screen .............................................................................. 665

29.3.6 User/Group Setting Screen ............................................................................................. 666

29.3.7 User/Group MAC Address Summary Screen ................................................................ 671

29.3.8 User /Group Technical Reference .................................................................................. 673

29.4 Address/Geo IP Overview ....................................................................................................... 674

29.4.1 What You Need To Know ................................................................................................. 674

29.4.2 Address Summary Screen ................................................................................................ 675

29.4.3 Address Group Summary Screen .................................................................................... 679

29.4.4 Geo IP Summary Screen .................................................................................................. 681

29.5 Service Overview ........................................................................................................................ 684

29.5.1 What You Need to Know ................................................................................................. 684

29.5.2 The Service Summary Screen .......................................................................................... 685

29.5.3 The Service Group Summary Screen ............................................................................. 687

29.6 Schedule Overview ................................................................................................................... 689

29.6.1 What You Need to Know ................................................................................................. 689

29.6.2 The Schedule Screen ........................................................................................................ 690

29.6.3 The Schedule Group Screen ............................................................................................ 693

29.7 AAA Server Overview ............................................................................................................... 694

29.7.1 Directory Service (AD/LDAP) ........................................................................................... 695

29.7.2 RADIUS Server .................................................................................................................... 695

29.7.3 ASAS .................................................................................................................................... 695

29.7.4 What You Need To Know ................................................................................................. 696

29.7.5 Active Directory or LDAP Server Summary ..................................................................... 697

29.7.6 RADIUS Server Summary ...................................................................................................701

29.8 Auth. Method Overview ........................................................................................................... 704

USG FLEX 50(W) Series User’s Guide

Table of Contents

29.8.1 Before You Begin ............................................................................................................... 704

29.8.2 Example: Selecting a VPN Authentication Method ..................................................... 704

29.8.3 Authentication Method Objects ..................................................................................... 705

29.8.4 Two-Factor Authentication .............................................................................................. 707

29.8.5 Two-Factor Authentication VPN Access ........................................................................ 710

29.8.6 Two-Factor Authentication Admin Access .................................................................... 712

29.9 Certificate Overview .................................................................................................................. 713

29.9.1 What You Need to Know ................................................................................................. 714

29.9.2 Verifying a Certificate ...................................................................................................... 715

29.9.3 The My Certificates Screen ..............................................................................................716

29.9.4 The Trusted Certificates Screen ...................................................................................... 725

29.9.5 Certificates Technical Reference ................................................................................... 730

29.10 ISP Account Overview ............................................................................................................ 730

29.10.1 ISP Account Summary ....................................................................................................730

Chapter 30

Mgmt. & Analytics...........................................................................................................................734

30.1 Mgmt. & Analytics Overview ..................................................................................................... 734

30.1.1 What You Can Do in this Chapter ................................................................................... 734

30.2 Cloud CNM SecuManager ....................................................................................................... 734

30.3 Cloud CNM SecuReporter ......................................................................................................... 737

30.4 Nebula ......................................................................................................................................... 742

30.4.1 Scenario A-Native Mode ................................................................................................. 742

30.4.2 Scenario B-Zero Touch Provisioning (ZTP) ....................................................................... 744

Chapter 31

System...............................................................................................................................................746

31.1 Overview ..................................................................................................................................... 746

31.1.1 What You Can Do in this Chapter ................................................................................... 746

31.2 Host Name ................................................................................................................................... 747

31.3 USB Storage ................................................................................................................................. 747

31.4 Date and Time ............................................................................................................................ 749

31.4.1 Pre-defined NTP Time Servers List ..................................................................................... 752

31.4.2 Time Server Synchronization ............................................................................................ 752

31.5 Console Port Speed ................................................................................................................... 753

31.6 DNS Overview ............................................................................................................................. 754

31.6.1 DNS Server Address Assignment ...................................................................................... 754

31.6.2 Configuring the DNS Screen ............................................................................................ 754

31.6.3 (IPv6) Address Record ...................................................................................................... 758

31.6.4 PTR Record ......................................................................................................................... 758

31.6.5 Adding an (IPv6) Address/PTR Record .......................................................................... 758

31.6.6 CNAME Record ................................................................................................................. 759

31.6.7 Adding a CNAME Record ................................................................................................ 759

USG FLEX 50(W) Series User’s Guide

Table of Contents

31.6.8 Domain Zone Forwarder ................................................................................................. 760

31.6.9 Adding a Domain Zone Forwarder ................................................................................. 760

31.6.10 MX Record ...................................................................................................................... 761

31.6.11 Adding a MX Record ...................................................................................................... 761

31.6.12 Security Option Control .................................................................................................. 762

31.6.13 Editing a Security Option Control .................................................................................. 762

31.6.14 Adding a DNS Service Control Rule .............................................................................. 763

31.7 WWW Overview .......................................................................................................................... 764

31.7.1 Service Access Limitations ............................................................................................... 764

31.7.2 System Timeout .................................................................................................................. 764

31.7.3 HTTPS ................................................................................................................................... 764

31.7.4 Configuring WWW Service Control ................................................................................. 765

31.7.5 Service Control Rules ........................................................................................................ 768

31.7.6 Customizing the WWW Login Page ................................................................................ 769

31.7.7 HTTPS Example ................................................................................................................... 774

31.8 SSH ............................................................................................................................................. 781

31.8.1 SSH Implementation on the Zyxel Device ...................................................................... 782

31.8.2 Requirements for Using SSH ..............................................................................................782

31.8.3 Configuring SSH ................................................................................................................. 782

31.8.4 Service Control Rules ........................................................................................................ 783

31.8.5 SSH Example ...................................................................................................................... 784

31.9 Telnet ........................................................................................................................................... 785

31.9.1 Configuring Telnet ............................................................................................................. 785

31.9.2 Service Control Rules ........................................................................................................ 787

31.10 FTP .............................................................................................................................................. 787

31.10.1 Configuring FTP ................................................................................................................ 787

31.10.2 Service Control Rules ...................................................................................................... 789

31.11 SNMP ......................................................................................................................................... 789

31.11.1 SNMPv3 and Security ...................................................................................................... 790

31.11.2 Supported MIBs ............................................................................................................... 791

31.11.3 SNMP Traps ....................................................................................................................... 791

31.11.4 Configuring SNMP ........................................................................................................... 791

31.11.5 Add SNMPv3 User ............................................................................................................ 793

31.11.6 Service Control Rules ...................................................................................................... 794

31.12 Authentication Server .............................................................................................................. 795

31.12.1 Add/Edit Trusted RADIUS Client .................................................................................... 796

31.13 Notification > Mail Server ......................................................................................................... 797

31.14 Notification > SMS ..................................................................................................................... 799

31.15 Notification > Response Message .........................................................................................800

31.16 Language Screen ..................................................................................................................... 801

31.17 IPv6 Screen ................................................................................................................................ 802

31.18 Zyxel One Network (ZON) Utility ............................................................................................. 802

31.18.1 Requirements ................................................................................................................... 803

USG FLEX 50(W) Series User’s Guide

Table of Contents

31.18.2 Run the ZON Utility ........................................................................................................... 803

31.18.3 Zyxel One Network (ZON) System Screen .................................................................... 807

31.19 Advanced Screen .................................................................................................................... 807

31.19.1 Fast Forwarding Technical Reference .......................................................................... 808

Chapter 32

Log and Report....... .... ... ............................................. ... .... ............................................ ...................810

32.1 Overview ..................................................................................................................................... 810

32.1.1 What You Can Do In this Chapter .................................................................................. 810

32.2 Email Daily Report ....................................................................................................................... 810

32.3 Log Setting Screens ................................................................................................................... 812

32.3.1 Log Setting Summary ........................................................................................................ 812

32.3.2 Edit System Log Settings .................................................................................................. 814

32.3.3 Edit Log on USB Storage Setting ..................................................................................... 817

32.3.4 Edit Remote Server Log Settings ..................................................................................... 818

32.3.5 Log Category Settings Screen ......................................................................................... 820

Chapter 33

File Manager ....................................................................................................................................823

33.1 Overview ..................................................................................................................................... 823

33.1.1 What You Can Do in this Chapter ................................................................................... 823

33.1.2 What you Need to Know .................................................................................................. 823

33.2 The Configuration Screen .......................................................................................................... 827

33.2.1 The Configuration Schedule Backup Screen ................................................................ 832

33.3 Firmware Management ........................................................................................................... 833

33.3.1 Cloud Helper ..................................................................................................................... 833

33.3.2 The Firmware Management Screen ............................................................................... 835

33.3.3 Firmware Upgrade via USB Stick ...................................................................................... 839

33.3.4 Firmware Integrity Check ................................................................................................. 839

33.4 The Shell Script Screen .............................................................................................................. 840

Chapter 34

Diagnostics ......................................................................................................................................843

34.1 Overview ..................................................................................................................................... 843

34.1.1 What You Can Do in this Chapter ................................................................................... 843

34.2 The Diagnostics Screens ............................................................................................................ 843

34.2.1 Scripts ................................................................................................................................. 843

34.2.2 The Diagnostics Controller Screen .................................................................................. 844

34.2.3 The Diagnostics Files Screen ............................................................................................846

34.3 The Packet Capture Screen ...................................................................................................... 847

34.3.1 The Packet Capture Files Screen .................................................................................... 850

34.4 The CPU / Memory Status Screen ............................................................................................ 851

34.5 The System Log Screen .............................................................................................................. 852

USG FLEX 50(W) Series User’s Guide

Table of Contents

34.6 The Network Tool Screen ........................................................................................................... 853

34.7 The Routing Traces Screen ........................................................................................................ 855

34.8 The Wireless Frame Capture Screen ........................................................................................856

34.8.1 The Wireless Frame Capture Files Screen ...................................................................... 858

Chapter 35

Packet Flow Explore ........................................................................................................................859

35.1 Overview ..................................................................................................................................... 859

35.1.1 What You Can Do in this Chapter ................................................................................... 859

35.2 Routing Status ............................................................................................................................ 859

35.3 The SNAT Status Screen .............................................................................................................. 863

Chapter 36

Shutdown..........................................................................................................................................866

36.1 Overview ..................................................................................................................................... 866

36.1.1 What You Need To Know ................................................................................................. 866

36.2 The Shutdown / Reboot Screen ................................................................................................ 866

Part III: Appendices and Troubleshooting..................................................870

Chapter 37

Troubleshooting................................................................................................................................871

37.1 Resetting the Zyxel Device ........................................................................................................ 885

37.2 Getting More Troubleshooting Help .........................................................................................885

Appendix A Customer Support ..................................................................................................... 886

Appendix B Product Features........................................................................................................ 892

Appendix C Legal Information ...................................................................................................... 896

USG FLEX 50(W) Series User’s Guide

PART I

User’s Guide

1.1 Overview

Zyxel Device refers to these models as outlined below.

• USG FLEX 50 (USG20-VPN)

• USG FLEX 50W (USG20W-VPN)

1.1.1 Model Feature Differences

Note the following differences between these models:

Table 1 USG FLEX 50 Series Model Feature Comparison

FEATURE/MODEL

Microsoft Azure YES YES

Amazon VPC CLI only CLI only

Anomaly Detection & Prevention YES YES

Anti-Spam YES YES

IPS (IDP) NO NO

Anti-Malware NO NO

App Patrol NO NO

Web Security (Content Filtering) YES YES

SecuReporter YES YES

Reputation Filter (IP & DNS) NO NO

URL Threat Filter NO NO

Sandboxing NO NO

IP Exception NO NO

AP Controller NO NO

Device HA Pro NO NO

Easy Mode YES YES

Hotspot Management NO NO

Concurrent Device Upgrade NO NO

LAG NO NO

Port Group NO NO

Port Role YES YES

SD-WAN Mode NO NO

SSL Application YES YES

SSL encrypted traffic inspection YES YES

Introduction

USG FLEX 50 (USG20-VPN)

CHAPTER 1

USG FLEX 50W (USG20W-VPN)

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Table 1 USG FLEX 50 Series Model Feature Comparison (continued)

FEATURE/MODEL

Bundled UTM Feature License Validity 1 year 1 year

WiFi functionality (built-in) NO YES

Virtual Server Load Balancing NO NO

Built-in AP NO YES

Management by Nebula Control Center (NCC) YES YES

• Not all models support all features. See Table 1 on page 23 for the specific features that your model supports.

Table 2 Security Feature List

• Application Security (Application Patrol) • Intrusion Prevention System (IPS)

• Anomaly Detection & Prevention (ADP) • Web Filtering (Content Filtering)

• Malware Blocker (Anti-Virus) • Email Security (Anti-Spam)

• Secure Socket Layer (SSL) encrypted traffic Inspection

The following security features work without a security license:

USG FLEX 50 (USG20-VPN)

USG FLEX 50W (USG20W-VPN)

• Configuration > Content Filter > Trusted Web Sites

• Configuration > Anti-Spam/Email Security > Block/Allow List

For information on interface names by model, default port or interface name mapping, and default interface or zone mapping please see

See the product’s datasheet for detailed information on a specific model.

1.2 On Premises Mode

When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. Choose On Premises Mode to manage your Zyxel Device directly using either the browser-based Web Configurator or the Command Line Interface (CLI).

Section 1.3 on page 42.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Figure 1 On Premises Mode

Follow the wizard to configure the Zyxel Device network settings to manage your Zyxel Device directly. Note that once you complete the device registration step and register your Zyxel Device at portal.myzyxel.com, you cannot change to Nebula Mode unless you reset the Zyxel Device.

1.3 Nebula Mode

When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. Choose Nebula Mode to manage your Zyxel Device remotely using Nebula Control Center (NCC). Select this mode if you want to configure and monitor one or more Zyxel Devices through the cloud.

Figure 2 Nebula Mode

USG FLEX 50(W) Series User’s Guide

Follow the wizard to configure the Zyxel Device network settings to connect to NCC. Note that once you complete th WAN configuration step, you cannot change to On Premises Mode unless you reset the Zyxel Device.

Nebula Control Center (NCC) is an Internet portal that allows you to configure and monitor groups of Zyxel Devices in organizations. You cannot manage a Zyxel Device directly through the Web Configurator or Command Line Interface (CLI) when NCC is managing the Zyxel Device. See

page 23 to see which Zyxel Devices can be managed by NCC.

Follow this procedure to have NCC manage your Zyxel Device.

1.3.1 NCC Portal

You should already have created an account at myZyxel.com. Follow these steps at the NCC portal.

1 Log into Nebula (https://nebula.zyxel.com) with your myZyxel account. If you do not have a myZyxel

account, you will be redirected to another screen to create one.

2 After you log in, click Go under Nebula Control Center and then Let’s Start to run the Nebula setup

wizard. Create an organization and a site or select an existing site.

Chapter 1 Introduction

Table 1 on

3 Add the Zyxel Device to this site by entering its MAC address and serial number. You’ll find the MAC

address and serial number of the Zyxel Device on its label or scan the QR code using the Nebula app.

4 Configure the WAN interface that the Zyxel Device will use to connect to Nebula through the Internet.

5 If you’re given a choice, select Native Mode. If you cannot select Native Mode, configure the email

address of the person who will configure the Zyxel Device for management by Nebula. An email will be sent to this person containing an activation link that allows automatic management of the Zyxel Device by Nebula (Zero Touch Provisioning (ZTP)).

1.3.2 Your Zyxel Device

The person who will configure the Zyxel Device for management by Nebula should follow this procedure.

1 Use an Ethernet cable to connect the WAN port of the Zyxel Device (P1 or P2) to the Ethernet port of a

device that will provide Internet access.

2 Use another Ethernet cable to connect the LAN port of the Zyxel Device (P3 or P4) to your computer.

Make sure your computer can receive an IP address automatically. This is the default for all computers, so the computer should be fine unless you changed it.

3 Connect the power port to an appropriate power source and turn on the Zyxel Device. Wait for the SYS

LED to turn solid green.

4 Back up your current configuration before passing management to Nebula. Log into the web

configurator, and go to Maintenance > File Manager > Configuration File. Select startup-config.conf, then click Download.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

5 If you cannot select Native Mode, reset the Zyxel Device to the factory defaults. Push the Reset button

until the port connection LEDs turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory defaults and all previous configurations will be erased.

Skip this step if you did not configure your Zyxel Device before (including just logging in and changing the default password.). You must reset the Zyxel Device if it does not have the factory default configuration.

1.3.3 Your Email Account for ZTP

If you cannot select Native Mode in the Nebula setup wizard, do the following after the Zyxel Device is on:

1 Check your mailbox for an email from Nebula. You may need to check your spam folder

2 Follow the instructions in the email if you did not complete the instructions above. Look for an activation

link in the email. Click the activation link or copy the link to your web browser. You will see a screen saying that Nebula registration is in process. Please wait.

3 When you see a screen saying Nebula registration has succeeded, management of your Zyxel Device

has passed to Nebula Control Center. The Nebula administrator can now configure and manage your device.

1.4 Change the Mode

Follow the steps below to change your Zyxel Device from On Premises Mode to Nebula Mode or from Nebula Mode to On Premises Mode.

1.4.1 From Nebula Mode to On Premises Mode

Follow this procedure if you want to manage the Zyxel Device directly.

1 Log into Nebula (https://nebula.zyxel.com) with your myZyxel account.

2 Go to Organization-wide > Configuration > Inventory.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

3 Select the Zyxel Device you want to remove from Nebula.

4 Click Remove.

5 Nebula will automatically reset your Zyxel Device. The Zyxel Device will reboot to the factory defaults. All

Nebula configurations for the Zyxel Device will be erased.

6 Log into the Zyxel Device. Run the wizard and choose On Premises Mode.

7 To restore your previous configuration, log into the web configurator, and go to Maintenance > File

Manager > Configuration File.

8 Under Upload Configuration File, click Browse, select the startup-config.conf on your computer that you

backed up previously and click Upload. The Zyxel Device will then return to the previous settings.

1.4.2 From On Premises Mode to Nebula Mode

1 Back up your current configuration in Maintenance > File Manager > Configuration File.

2 Reset the Zyxel Device to the factory default by pushing the Reset button until the port connection LEDs

turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory defaults.

3 Log into the Zyxel Device. Run the wizard and choose Nebula Mode.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

4 If you have a choice of Native Mode or ZTP, select Native Mode.

1.5 Registration at myZyxel

myZyxel is Zyxel’s online services center where you can register your Zyxel Device and manage subscription services available for your Zyxel Device (see Configuration > Licensing > Registration > Service for services available for your Zyxel Device).

• For Zyxel Devices that already have firmware version 4.25 or later, you have to register your Zyxel Device and activate the corresponding service at myZyxel (through your Zyxel Device).

• For Zyxel Devices upgrading to firmware version 4.25 or later, you may skip registering your Zyxel Device and activating the corresponding service at myZyxel (through your Zyxel Device). However, it is highly recommended to at least register your Zyxel Device. At the time of writing, the Firmware Upgrade license providing Cloud Helper new firmware notifications, is free when you register your Zyxel Device.

Note: You need to create a myZyxel account at http://portal.myZyxel.com before you can

You may need your Zyxel Device’s serial number and LAN MAC address to register it at myZyxel. See the label at the back of the Zyxel Device’s for details.

USG FLEX 50(W) Series User’s Guide

Figure 3 myZyxel Login

1.5.1 Applications

These are some Zyxel Device application scenarios.

Chapter 1 Introduction

Security Router

Security includes a Stateful Packet Inspection (SPI) firewall.

Figure 4 Applications: Security Router Applications: Security Router

IPv6 Routing

The Zyxel Device supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The Zyxel Device can also route IPv6 packets through IPv4 networks using different tunneling methods.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Web Mail File Share

Web-based Application

https://

Application Server

Non-Web

LAN (192.168.1.X)

Figure 5 Applications: IPv6 Routing

VPN Connectivity

Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. AS is an Authentication Server in the below figure.

Figure 6 Applications: VPN Connectivity

SSL VPN Network Access

SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just browses to the Zyxel Device’s web address and enters his user name and password to securely connect to the Zyxel Device’s network. Here full tunnel mode creates a virtual connection for a remote user and gives him a private IP address in the same subnet as the local network so he can access network resources in the same way as if he were part of the internal network.

Figure 7 SSL VPN With Full Tunnel Mode

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

User-Aware Access Control

Set up security policies to restrict access to sensitive information and shared resources based on the user who is trying to access it. In the following figure user A can access both the Internet and an internal file server. User B has a lower level of access and can only access the Internet. User C is not even logged in, so and cannot access either the Internet or the file server.

Figure 8 Applications: User-Aware Access Control

Load Balancing

Set up multiple connections to the Internet on the same port, or different ports, including cellular interfaces. In either case, you can balance the traffic loads between them.

Figure 9 Applications: Multiple WAN Interfaces

1.6 Management Overview

You can manage the Zyxel Device in the following ways.

Web Configurator

The Web Configurator allows easy Zyxel Device setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Figure 10 Managing the Zyxel Device: Web Configurator

Command-Line Interface (CLI)

The CLI allows you to use text-based commands to configure the Zyxel Device. Access it using remote management (for example, SSH or Telnet) or via the physical or Web Configurator console port. See the Command Reference Guide for CLI details. The default settings for the console port are:

Table 3 Console Port Default Settings

SETTING VALUE

Speed 115200 bps

Data Bits 8

Parity None

Stop Bit 1

Flow Control Off

FTP

Use File Transfer Protocol for firmware upgrades and configuration backup or restore.

SNMP

The device can be monitored and/or managed by an SNMP manager. See Section 31.11 on page 789.

USG FLEX 50(W) Series User’s Guide

CloudCNM

Use the CloudCNM screen (see Section 31.16 on page 801) to enable and configure management of the Zyxel Device by a Central Network Management system.

Management Authentication

Managers must be authenticated with a username and password, using one of:

•Local Zyxel Device authentication

• An external RADIUS server

• An external LDAP server

• Certificates

1.7 Web Configurator

The Web Configurator is an HTML-based management interface that allows easy system setup and management through Internet browser. Use a browser that supports HTML5, such as Microsoft Edge, Internet Explorer 11, Mozilla Firefox, or Google Chrome.

Chapter 1 Introduction

In order to use the Web Configurator you need to allow:

• Web browser pop-up windows from your device.

• JavaScript (enabled by default).

• Java permissions (enabled by default).

The recommended minimum screen resolution is 1024 x 768 pixels.

Note: Screenshots and graphics in this book may differ slightly from your product due to

differences in product features or Web Configurator brand style.

1.7.1 Web Configurator Access

1 Make sure your Zyxel Device hardware is properly connected. See the Quick Start Guide.

2 In your browser go to https://192.168.1.1 or https://myrouter.local. By default, the Zyxel Device

automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

If you want to change the display language for the Zyxel Device’s Web Configurator screens, select from the drop-down list box. You can also change the display language in Configuration> System>

Language

3 Type the user name (default: “admin”) and password (default: “1234”).

4 Click Login. After you log in for the first time using the default user name and password, you must

change the default admin password in the Update Admin Info screen. Enter a new password of from 1 to 64 characters.

In Configuration > Object > User/Group > Setting, you can enable Password Complexity to require a new password to consist of at least 8 characters and at most 64, where at least 1 character must be a number, at least 1 a lower case letter, at least 1 an upper case letter and at least 1 a special character from the keyboard, such as !@#$%^&*()_+. You can also require periodic changing of the password in that screen by configuring Password must changed every (days).

Make a note of your new password, enter it in the following screen, then click Apply.

5 A Terms of Use screen displays. Read the statement, then click Acknowledge to proceed.

Note: If you are using an Internet Explorer browser, the Terms of Use will be downloaded

automatically.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

6 The Password Change Notification screen displays. Use this screen to view all the admin accounts expiry

information. We recommend you to change your password regularly in Configuration> Object> User/ Group> User. Select how often to display the screen and click OK.

7 The Network Risk Warning screen displays any unregistered or disabled security services. If your Zyxel

Device is not registered, you will see a prompt to register it. Select how often to display the screen and click OK.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

If you select Never and you later want to bring this screen back, use these commands (note the space before the underscore).

Router> enable Router# Router# configure terminal Router(config)# Router(config)# service-register _setremind after-10-days after-180-days after-30-days every-time never Router(config)# service-register _setremind every-time Router(config)#

See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands.

8 Follow the directions in the Update Admin Info screen. If you change the default password, the Login

screen appears after you click Apply. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is using its default configuration; otherwise the dashboard appears.

1.7.2 Security Check for Web Interface Overview

Use this screen to configure settings to secure your Zyxel Device. You can configure:

• Secure SSL access from the Internet to the Zyxel Device.

• Secure SSL access from the Internet to the network behind the Zyxel Device.

• The default port that IPSec VPN clients use to retrieve VPN rule settings from the Zyxel Device.

• The default port for two-factor authentication for VPN clients to access the network behind the Zyxel Device.

1.7.2.1 Secure SSL Access from the Internet to the Zyxel Device

You can configure up to 3 trusted computers to access the Zyxel Device using secure SSL. The default HTTPS SSL port is 443. If you change this, remote connections from the Internet must use this port. For example, if you change this to port 8800 and the Zyxel Device is using IP address 1.1.1.1, then remote users must use htttps://1.1.1.1:8800.

In Figure 11 on page 38, A, B and C can connect to the Zyxel Device to access the Zyxel Device web configurator for remote management.

Configure a new port between 1024 to 65535 that is not in use by other services.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Figure 11 Secure SSL Access Example

1.7.2.2 Secure SSL VPN Access from the Internet to the Network Behind the Zyxel Device

The default SSL VPN port is 443. If you change the default SSL VPN port on the Zyxel Device, make sure to make the same change to SecuExtender, the SSL VPN client software. Configure a new port between 1024 to 65535 that is not in use by other services.

You can also restrict SSL VPN access to up to 3 locations on the Internet.

Figure 12 Secure SSL VPN Access Example

The table below describes the abbreviations used in the figure.

Table 4 Countries Abbreviations

ABBREVIATION COUNTRY

JP Japan

KR Korea

FR France

1.7.2.3 Change the Default IPSec VPN Provisioning Port

Change the default port that IPSec VPN clients use to retrieve VPN rule settings from the Zyxel Device. The default is 443 which is already in use for remote management by default. If you change the default IPSec VPN port on the Zyxel Device, make sure to make the same change to the Zyxel IPSec VPN client.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Configure a new port between 1024 to 65535 that is not in use by other services.

Figure 13 IPSec VPN Provisioning Example

Note: The remote management port, the SSL VPN port and the IPSec VPN port all use 443 by

default. If you do not change the default ports, then only 3 connections of the remote management and SSL VPN will be allowed at one time.

1.7.2.4 Change the Default Port for Two-Factor VPN Access Authentication

Change the default port for two-factor authentication for VPN clients to access the network behind the Zyxel Device. VPN clients do not need to change the port number on their devices, because the link to access the network behind the Zyxel Devices will contain the new port number. For example, if you change this to port 8008 and the link is using a.b.c.d, then VPN clients will see this link in their email or SMS to retrieve settings: htttps://a.b.c.d:8008.

You can also change this port in Object > Auth. Method > Two-factor Authentication > VPN Access. See

Section 29.8.4 on page 707 for more information on two-factor authentication.

Configure a new port between 1024 to 65535 that is not in use by other services.

Figure 14 Two-Factor Authentication Example

USG FLEX 50(W) Series User’s Guide

Overall Port Configuration Example

Below is an example of configuring these ports to avoid port conflict.

Table 5 Port Configuration Example

REMOTE MANAGEMENT

8800 8080 443 (default) 8008

SSL VPN

1.7.2.5 Other Security Measures

New firmware contains patches to enhance security. Make sure to check for new firmware regularly and update firmware in Maintenance > Firmware Management.

Change admin passwords regularly. Select Enable Password Complexity in Object > User/Group > Setting to require the user to use a password that's not easy to guess. The password must include:

• at least 8 characters

• at least one upper case alphabetic character and at least one lower case alphabetic character

•one numeric character

• one special character such as @#$%^

Chapter 1 Introduction

IPSEC VPN PROVISIONING

TWO-FACTOR VPN ACCESS AUTHENTICATION

1.7.3 The Security Check for Web Interface Screen

The following screen appears when the Zyxel Device detects a rule that allows traffic such as HTTP, HTTPS, SSL and so on to access to your Zyxel Device from any IPv4 source on the WAN. This may expose your Zyxel Device to a security risk. Configure settings in this screen to allow access only from specified IP addresses, FQDNs or regions to secure your Zyxel Device.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Figure 15 Security Check for Web Interface

The following table describes the labels in this screen.

Table 6 Security Check for Web Interface

LABEL DESCRIPTION

Allow secure remote management from WAN

Port Configure a new port between 1024 to 65535 to use it to access the web

Trusted Host 1-3 Configure the IP addresses or FQDNs that are allowed to access the Zyxel

Allow SSL VPN access from WAN Select this to allow SSL VPN clients to access the Zyxel Device only from

Port Configure a new port between 1024 to 65535 to use it to access the web

Trusted Geolocation 1-3 Select the regions that are allowed to access the Zyxel Device from the

Select this to allow access to the Zyxel Device remotely only from specified IP addresses or Fully Qualified Domain Names (FQDNs), such as

1.1.1.1 or www.zyxel.com. See information.

configurator. Do not use a port number that has been used.

For example, use https://1.1.1.1:8800 if you changed the default HTTPS port to 8800.

Device.

specified regions. See

configurator using SSL VPN. Do not use a port number that has been used.

The port you configure here must be the same as the port you use in SecuExtender. See SecuExtender.

drop-down list box.

Section 1.7.2.2 on page 38 for more information.

Section 1.7.2.2 on page 38 for more information on

Section 1.7.2.1 on page 37 for more

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Table 6 Security Check for Web Interface (continued)

LABEL DESCRIPTION

Change Two-Factor Authentication Port

Change Zyxel IPSec VPN Client Provisioning Port

Please remind me Select how often to display the screen from the drop-down list box. OK Click OK to save your changes back to the Zyxel Device. Cancel Click Cancel to exit this screen without saving your changes.

Select this to change the port VPN clients use to access the Zyxel Device LAN with two-factor authentication. See more information.

Configure a new port between 1024 to 65535. Do not use a port number that has been used.

Select this to change the port IPSec VPN clients use to retrieve VPN rule settings from the Zyxel Device. See information.

Configure a new port between 1024 to 65535. Do not use a port number that has been used.

The port you configure here must be the same as the port you use when logging in as a Zyxel IPSec VPN client.

1.7.4 Remote Access to the Zyxel Device Networks

Section 1.7.2.4 on page 39 for

Section 1.7.2.3 on page 38 for more

Your Zyxel Device keeps your networks safe while allowing external access by applying the security measures below:

• Two-Factor Authentication: Use two-factor authentication to have double-layer security to access a secured network behind the Zyxel Device. The first layer is the VPN client/Zyxel Device’s login user name / password. The second layer is an authorized SMS (via mobile phone number) or email address. See

Section 29.8.4 on page 707 for more information on two-factor authentication.

• Device Insight: The Zyxel Device can identify and display the basic information and status of clients that are connected to the Zyxel Device networks in Monitor > Network Status > Device Insight. See

Section 7.7 on page 223 for more information on viewing the device insight.

Create device insight profiles in Configuration > Object > Device Insight to block specified clients from accessing the Internet or the Zyxel Device. See Section 29.1 on page 645 for more information on creating and using the device insight profiles.

• IPSec VPN: You can create highly secure connections with IKEv2 or EAP authentication to access networks behind the Zyxel Device. For example, home workers can securely access company resources if they have proper authentication. See IPSec VPN.

• Upload Bandwidth Limit: Zyxel subscription-based SecuExtender IPSec VPN clients with Windows version 5.6.80.007 or later or macOS version 1.2.0.7 or later support upload bandwidth limit. Use this to set the maximum bandwidth for uploading traffic from IPSec VPN clients over IPSec VPN tunnels. See

Section 20.5 on page 490 for more information on upload bandwidth limit.

1.7.5 Web Configurator Screens Overview

Chapter 20 on page 464 for more information on

The Web Configurator screen is divided into these parts:

• A – title bar

• B – navigation panel

• C – main window

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Figure 16 Web Configurator Screen Overview

Title Bar

Figure 17 Title Bar

The title bar icons in the upper right corner provide the following functions.

Table 7 Title Bar: Web Configurator Icons

LABEL DESCRIPTION

SecuReporter This icon shows when SecuReporter is enabled and the Zyxel Device is added to an

organization.

Click this to open the SecuReporter portal page.

Web Console Click this to open one or multiple console windows from which you can run command line

interface (CLI) commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands.

Logging in to the Zyxel Device with HTTPS, so you can open one or multiple console windows.

CLI Click this to open a popup window that displays the CLI commands sent by the Web

Configurator to the Zyxel Device.

Reference Click this to check which configuration items reference an object.

Site Map Click this to see an overview of links to the Web Configurator screens.

Forum Go to https://businessforum.zyxel.com for product discussions.

Help Click this to open the help page for the current screen.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Table 7 Title Bar: Web Configurator Icons (continued)

LABEL DESCRIPTION

Notification Only Admin or Limited Admin can see notifications. Notifications display what’s new in the Zyxel

Device firmware (ZLD), information on security services about to expire. Slide the switch to Off if you don’t want notifications. Click an item to see more details on it.

Click the Refresh icon or refresh the browser page to update notifications. The latest notification appears at the top. An item is removed once it has been read.

Up to five notifications can be shown here. If there are more than five notifications, then click All Notifications to see them.

About Click this to display basic information about the Zyxel Device. Easy Mode Click this to go to the Initial Setup Wizard in Easy Mode, and enter Easy Mode every time you

Logout Click this to log out of the Web Configurator.

About

Click About to display basic information about the Zyxel Device.

Figure 18 About

This table describes the fields in this screen.

Table 8 About

LABEL DESCRIPTION

Current Version This shows the firmware version of the Zyxel Device.

Released Date This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released.

System Protection Signature

OK Click this to close the screen.

This shows the system protection signature version of the Zyxel Device. These signatures do not require a license. The Zyxel Device will synch with the Cloud Helper Server every day to update these signatures automatically.

System protection signatures protect your Zyxel Device and local networks from web attacks, such as command injection, cross-site scripting and path traversal.

Command injection: This is an attack in which an attacker uses the Zyxel Device vulnerabilities to execute commands to control your Zyxel Device.

Cross-site scripting: This is an attack in which an attacker implants malicious scripts in a website. When you visit this website, the malicious scripts are sent and executed on your web browser.

Path traversal: This is an attack that allows an attacker to access files you store in the web root folder.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Site Map

Click Site MAP to see an overview of links to the Web Configurator screens. Click a screen’s link to go to that screen.

Figure 19 Site Map

Web Console

Click Web Console to open one or multiple console windows from which you can run CLI commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands. Logging in to the Zyxel Device with HTTPS, so you can open one or multiple console windows.

Figure 20 Web Console Window

Reference

Click Reference to open the Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Figure 21 Reference

The fields vary with the type of object. This table describes labels that can appear in this screen.

Table 9 Reference

LABEL DESCRIPTION

Type Select an object type to see the services.

Name This identifies the object for which the configuration settings that use it are displayed. Click the

# This field is a sequential value, and it is not associated with any entry.

Service This is the type of setting that references the selected object. Click a service’s name to display the

Priority If it is applicable, this field lists the referencing configuration item’s position in its list, otherwise N/A

Name This field identifies the configuration item that references the object.

Description If the referencing configuration item has a description configured, it displays here.

Refresh Click this to update the information in this screen. Cancel Click Cancel to close the screen.

object’s name to display the object’s configuration screen in the main window.

service’s configuration screen in the main window.

displays.

CLI Messages

Click CLI to look at the CLI commands sent by the Web Configurator. Open the pop-up window and then click some menus in the Web Configurator to display the corresponding commands.

USG FLEX 50(W) Series User’s Guide

Figure 22 CLI Messages

1.7.6 Navigation Panel

Use the navigation panel menu items to open status and configuration screens. Click the arrow in the middle of the right edge of the navigation panel to hide the panel or drag to resize it. The following sections introduce the Zyxel Device’s navigation panel menus and their screens.

Figure 23 Navigation Panel

Chapter 1 Introduction

Dashboard

The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. See the Web Help for details on the dashboard.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Monitor Menu

The monitor menu screens display status and statistics information.

Table 10 Monitor Menu Screens Summary

FOLDER OR LINK TAB FUNCTION

Traffic Statistics

Port Statistics Port Statistics Displays packet statistics for each physical port.

Interface Status Interface

Summary

Traffic Statistics Traffic

Statistics

Session Monitor Session

Network Status

DHCP Table DHCP Table Displays a list of interfaces and their DHCP-assigned IP addresses.

Device Insight Device

IGMP Statistics IGMP

DDNS Status DDNS Status Displays the status of the Zyxel Device’s DDNS domain names.

IP/MAC Binding IP/MAC

Cellular Status Cellular

UPnP Port Status Port Statistics Displays details about UPnP connections going through the Zyxel Device.

USB Storage Storage

Ethernet Neighbor

FQDN Object FQDN Object Displays FQDN (Fully Qualified Domain Name) object cache lists used in DNS

Wireless

AP Information Radio List Lists wireless details of APs managed by the Zyxel Device.

SSID Info SSID Info Display information about the AP’s wireless clients.

Station Info Station List Lists wireless clients associated with the APs managed by the Zyxel Device.

VPN Monitor

IPSec IPSec Displays and manages the active IPSec SAs.

SSL SSL Lists users currently logged into the VPN SSL client portal. You can also log out

L2TP over IPSec L2TP over

Security Statistics

Monitor

Insight

Statistics

Binding

Status

Information

Ethernet Neighbor

Top N Stations

Single Station Lists wireless traffic usage for an associated wireless station.

IPSec

Displays general interface information and packet statistics.

Collect and display traffic statistics.

Displays the status of all current sessions.

Displays a list of WiFi and wireless clients connected to the Zyxel Device networks.

Collect and display IGMP statistics.

Lists the devices that have received an IP address from Zyxel Device interfaces using IP/MAC binding.

Displays details about the Zyxel Device’s mobile broadband connection status.

Displays details about USB device connected to the Zyxel Device.

View and manage the Zyxel Device’s neighboring devices via Smart Connect (Layer Link Discovery Protocol (LLDP)). Use the Zyxel One Network (ZON) utility to view and manage the Zyxel Device’s neighboring devices via the Zyxel Discovery Protocol (ZDP).

queries.

Lists wireless stations with the most wireless traffic usage.

individual users and delete related session information.

Displays details about current L2TP sessions.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Table 10 Monitor Menu Screens Summary (continued)

FOLDER OR LINK TAB FUNCTION

Content Filter Web

Content Filter

DNS Content Filter

Anti-Sapm Summary Collect and display spam statistics.

Status Displays how many mail sessions the ZyWALL is currently checking and DNSBL

Log View Log Lists log entries.

Collect and display web content filter statistics.

Collect and display DNS content filter statistics.

(Domain Name Service-based spam Black List) statistics.

Configuration Menu

Use the configuration menu screens to configure the Zyxel Device’s features.

Table 11 Configuration Menu Screens Summary

FOLDER OR LINK TAB FUNCTION

Quick Setup Quickly configure WAN interfaces or VPN connections.

Licensing

Registration Registration Register the device and activate trial services.

Service View the licensed service status and upgrade licensed services.

Wireless

Built-in AP General Allow WiFi clients to access your Zyxel Device wirelessly to connect to

the network.

Network

Interface Port

Port Role/Port Group/ Port Configuration

Ethernet Manage Ethernet interfaces and virtual Ethernet interfaces.

PPP Create and manage PPPoE and PPTP interfaces.

Cellular Configure a cellular Internet connection for an installed mobile

Tunnel Configure tunneling between IPv4 and IPv6 networks.

VLAN Create and manage VLAN interfaces and virtual VLAN interfaces.

Bridge Create and manage bridges and virtual bridge interfaces.

VTI Configure IP address assignment and interface parameters for VTI

Trunk Create and manage trunks (groups of interfaces) for load balancing.

Routing Policy Route Create and manage routing policies.

Static Route Create and manage IP static routing information.

RIP Configure device-level RIP settings.

OSPF Configure device-level OSPF settings, including areas and virtual links.

BGP Configure exchange of Border Gateway Protocol (BGP) information

DDNS DDNS Define and manage the Zyxel Device’s DDNS domain names.

NAT NAT Set up and manage port forwarding rules.

Use this screen to set the Zyxel Device’s flexible ports such as LAN, OPT, WLAN, or DMZ.

broadband card.

(Virtual Tunnel Interface).

over an IPSec tunnel.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Table 11 Configuration Menu Screens Summary (continued)

FOLDER OR LINK TAB FUNCTION

Redirect Service

ALG ALG Configure SIP, H.323, and FTP pass-through settings.

UPnP UPnP Configure interfaces that allow UPnP and NAT-PMP connections.

IP/MAC Binding Summary Configure IP to MAC address bindings for devices connected to each

Layer 2 Isolation General Enable layer-2 isolation on the Zyxel Device and the internal

DNS Inbound LB DNS Load Balancing Configure DNS Load Balancing.

VPN

IPSec VPN VPN Connection Configure IPSec tunnels.

SSL VPN Access Privilege Configure SSL VPN access rights for users and groups.

L2TP VPN L2TP VPN Configure L2TP over IPSec tunnels.

BWM BWM Enable and configure bandwidth management rules.

Web Authentication

Security Policy

Policy Control Policy Create and manage level-3 traffic rules and apply Security Service

ADP General Display and manage ADP bindings.

Session Control Session Control Limit the number of concurrent client NAT/security policy sessions.

Security Service

Redirect Service Set up and manage HTTP and SMTP redirection rules.

supported interface.

Exempt List Configure ranges of IP addresses to which the Zyxel Device does not

apply IP/MAC binding.

interfaces.

Allow List Enable and configure the allow list.

VPN Gateway Configure IKE tunnels.

Concentrator Combine IPSec VPN connections into a single secure network

Configuration Provisioning

Global Setting Configure the Zyxel Device’s SSL VPN settings that apply to all

Web Authentication

General/ Authentication Type/Custom Web Portal File/ Custom User Agreement File

SSO Configure the Zyxel Device to work with a Single Sign On agent.

Profile Create and manage ADP profiles.

Allow List Create an allow list for certain IP or services to let them pass the ADP

Set who can retrieve VPN rule settings from the Zyxel Device using the Zyxel Device IPSec VPN Client.

connections.

Define a web portal and exempt services from authentication.

profiles.

flood detection.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Table 11 Configuration Menu Screens Summary (continued)

FOLDER OR LINK TAB FUNCTION

Content Filter Web Content Filter:

General

Web Content Filter: Trusted Web Sites

Web Content Filter: Forbidden Web Sites

DNS Content Filter: General

DNS Content Filter: Allow List

DNS Content Filter: Block List

Anti-Spam Profile Turn anti-spam on or off and manage anti-spam policies. Create anti-

Mail Scan Configure e-mail scanning details.

Block/Allow List Set up a block list to identify spam and an allow list to identify

DNSBL Have the Zyxel Device check e-mail against DNS Block Lists.

Object

Device Insight Device Insight Configure profiles to block specified clients from accessing the

Zone Zone Configure zone templates used to define various policies.

User/Group User Create and manage users.

Group Create and manage groups of users.

Setting Manage default settings for all users, general settings for user sessions,

MAC Address Configure the MAC addresses of wireless clients for MAC

Address/Geo IP Address Create and manage host, range, and network (subnet) addresses.

Address Group Create and manage groups of addresses to apply to policies as a

Geo IP Update the database of country-to-IP address mappings and

Service Service Create and manage TCP and UDP services.

Service Group Create and manage groups of services to apply to policies as a single

Schedule Schedule Create one-time and recurring schedules.

Schedule Group Create and manage groups of schedules to apply to policies as a

AAA Server Active Directory Configure the Active Directory settings.

LDAP Configure the LDAP settings.

RADIUS Configure the RADIUS settings.

Create and manage the detailed filtering rules for content filtering profiles and then apply to a traffic flow using a security policy.

Create a list of allowed web sites that bypass content filtering policies.

Create a list of web sites to block regardless of content filtering policies.

Create and manage the detailed filtering rules for DNS content filtering profiles and then apply to a traffic flow using a security policy.

Create a list of allowed web sites that bypass DNS content filtering policies.

Create a list of web sites to block regardless of content filtering policies.

spam template(s) of settings to apply to a traffic flow using a security policy.

legitimate e-mail.

Internet or the Zyxel Device.

and rules to force user authentication.

authentication using the local user database.

single objects.

manually configure country-to-IP address mappings for geographic address objects that can be used in security policies.

object.

single object.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Table 11 Configuration Menu Screens Summary (continued)

FOLDER OR LINK TAB FUNCTION

Auth. Method Authentication

Method

Two-factor Authentication

Certificate My Certificates Create and manage the Zyxel Device’s certificates.

Trusted Certificates Import and manage certificates from trusted sources.

ISP Account ISP Account Create and manage ISP account information for PPPoE/PPTP

Mgmt. & Analytics SecuManager Enable and configure management of the Zyxel Device by a Central

SecuReporter Enable SecuReporter logging and access the SecuReporter security

Nebula Use this screen to let Nebula manage your Zyxel Device.

System

Host Name Host Name Configure the system and domain name for the Zyxel Device.

USB Storage Settings Configure the settings for the connected USB devices.

Date/Time Date/Time Configure the current date, time, and time zone in the Zyxel Device.

Console Speed Console Speed Set the console speed.

DNS DNS Configure the DNS server and address records for the Zyxel Device.

WWW Service Control Configure HTTP, HTTPS, and general authentication.

SSH SSH Configure SSH server and SSH service settings.

TELNET TELNET Configure telnet server settings for the Zyxel Device.

FTP FTP Configure FTP server settings.

SNMP SNMP Configure SNMP communities and services.

Auth. Server Auth. Server Configure the Zyxel Device to act as a RADIUS server.

Notification Mail Server Configure a mail server with authentication to send reports and

SMS Enable the SMS service to send dynamic guest account information in

Response Message Create a web page when access to a website is restricted due to a

Language Language Select the Web Configurator language.

IPv6 IPv6 Enable IPv6 globally on the Zyxel Device here.

ZON ZON Use the Zyxel One Network (ZON) utility to view and manage the Zyxel

Advanced Fast Forwarding Enable fast forwarding to maximizes the network performance of the

Log & Report

Email Daily Report

Log Settings Log Settings Configure the system log, email logs, and remote syslog servers.

Email Daily Report Configure where and how to send daily reports and what reports to

Create and manage ways of authenticating users.

Configure SMS or email authentication to access a secured network behind the Zyxel Device via a VPN tunnel.

interfaces.

Network Management system.

analytics portal that collects and analyzes logs from your Zyxel Device in order to identify anomalies, alert on potential internal or external threats, and report on network usage.

password expiration notification emails.

text messages and authorization for VPN tunnel access to a secured network.

security service.

Device’s neighboring devices via the Zyxel Discovery Protocol (ZDP).

Zyxel Device.

send.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Maintenance Menu

Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down the Zyxel Device.

Table 12 Maintenance Menu Screens Summary

FOLDER OR LINK

File Manager

Diagnostics Diagnostics Collect diagnostic information.

Packet Flow Explore

Shutdown/ Reboot

TAB FUNCTION

Configuration File Manage and upload configuration files for the Zyxel Device.

Firmware Management

Shell Script Manage and run shell script files for the Zyxel Device.

Packet Capture Capture packets for analysis.

CPU/Memory Status

System Log Connect a USB device to the Zyxel Device and archive the Zyxel Device system

Network Tool Identify problems with the connections. You can use Ping or Traceroute to help

Routing Traces Configure traceroute to identify where packets are dropped for

Wireless Frame Capture

Routing Status Check how the Zyxel Device determines where to route a packet.

SNAT Status View a clear picture on how the Zyxel Device converts a packet’s source IP

Shutdown/ Reboot Turn off or restart the Zyxel Device.

View the current firmware version and upload firmware. Reboot with your choice of firmware.

This screen includes the sub-tabs below:

•Controller

• Filer

This screen includes the sub-tabs below:

•Capture

• Files

•

View CPU and memory usage statistics.

logs to it here.

you identify problems.

troubleshooting.

Capture wireless frames from APs for analysis.

address and check the related settings.

1.7.7 Tables and Lists

Web Configurator tables and lists are flexible with several options for how to display their entries.

Click a column heading to sort the table’s entries according to that column’s criteria.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Figure 24 Sorting Table Entries by a Column’s Criteria

Click the down arrow next to a column heading for more options about how to display the entries. The options available vary depending on the type of fields in the column. Here are some examples of what you can do:

• Sort in ascending or descending (reverse) alphabetical order

• Select which columns to display

•Group entries by field

•Show entries in groups

• Filter by mathematical operators (<, >, or =) or searching for text

Figure 25 Common Table Column Options

Select a column heading cell’s right border and drag to re-size the column.

Figure 26 Resizing a Table Column

Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Figure 27 Moving Columns

Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time.

Figure 28 Navigating Pages of Table Entries

The tables have icons for working with table entries. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate.

Figure 29 Common Table Icons

Here are descriptions for the most common table icons.

Table 13 Common Table Icons

LABEL DESCRIPTION

Add Click this to create a new entry. For features where the entry’s position in the numbered list is

Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s

Remove To remove an entry, select it and click Remove. The Zyxel Device confirms you want to remove it

Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate. Connect To connect an entry, select it and click Connect. Disconnect To disconnect an entry, select it and click Disconnect. References Select an entry and click References to check which settings use the entry. Move To change an entry’s position in a numbered list, select it and click Move to display a field to type a

important (features where the Zyxel Device applies the table’s entries in order like the security policy for example), you can select an entry and click Add to create a new entry after the selected entry.

settings. In some tables you can just click a table entry and edit it directly in the table. For those types of tables small red triangles display for table entries with changes that you have not yet applied.

before doing so.

number for where you want to put that entry and press [ENTER] to move the entry to the number that you typed. For example, if you type 6, the entry you are moving becomes number 6 and the previous entry 6 (if there is one) gets pushed up (or down) one.

USG FLEX 50(W) Series User’s Guide

Chapter 1 Introduction

Working with Lists

When a list of available entries displays next to a list of selected entries, you can often just double-click an entry to move it from one list to the other. In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list.

Figure 30 Working with Lists

USG FLEX 50(W) Series User’s Guide

CHAPTER 2

Initial Setup Wizard

2.1 Initial Setup Wizard: Select Management Mode

When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. This wizard helps you configure Internet connection settings and activate subscription services.

Note: For Zyxel Devices that already have firmware version 4.25 or later, you have to register

your Zyxel Device and activate the corresponding service at myZyxel (through your Zyxel Device).

This chapter provides information on configuring the Web Configurator's Initial Setup Wizard. See the feature-specific chapters in this User’s Guide for background information.

• Click the double arrow in the upper right corner to display or hide the help.

• Click Logout to exit the In itial Setup Wizard or click Next to continue the wizard. Click Finish at the end of the wizard to complete the wizard.

Select On Premises Mode to manage your Zyxel Device using the Web Configurator or the Command Line Interface (CLI). Use this mode to secure your networks with the Zyxel Device security services. Follow the On Premises mode wizard to set up your Zyxel Device, such as configuring the WAN settings, registering your Zyxel Device and allowing remote access to your Zyxel Device.

Select Nebula Mode to manage your Zyxel Device using Nebula Control Center (NCC). NCC is a cloud based network management system that allows you to remotely manage and monitor your Zyxel Device. Use this mode to manage your Zyxel Device with accounts at different privilege levels. You can also manage your Zyxel Device licenses and status through NCC.Follow the Nebula mode wizard to configure the WAN settings to pass the management of your Zyxel Device to NCC.

Note: You need to press the reset button to change the Zyxel Device mode once you finish

the wizard. You will not see this screen if you reset the Zyxel Device through the web configurator or the CLI.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

Figure 31 Management Mode: On Premises Mode

2.1.1 Welcome Screen

Select On Premises Mode in the previous screen to show the Welcome screen. Use this screen to see the settings you can configure using the On Premises mode initial setup wizard.

Figure 32 On Premises Mode- Welcome

2.1.2 Internet Access Setup - WAN Interface

Use this screen to set how many WAN interfaces to configure and the first WAN interface’s type of encapsulation and method of IP address assignment.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

The screens vary depending on the encapsulation type. Refer to information provided by your ISP to know what to enter in each field.

Note: Enter the Internet access information exactly as your ISP gave it to you. Leave a field

blank if you don’t have that information.

• I have two ISPs: Select this option to configure two Internet connections. Leave it cleared to configure just one. This option appears when you are configuring the first WAN interface.

• VLAN Tagged: Select this to tag the traffic going out from the Zyxel Device. Enter a VLAN ID. This 12-bit number uniquely identifies each VLAN. Allowed values are 1-4080.

• Encapsulation: Choose the Ethernet option when the WAN port is used as a regular Ethernet. Choose PPPoE, PPTP or L2TP for a dial-up connection according to the information from your ISP.

• MTU: The Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the Zyxel Device divides it into smaller fragments. Allowed values are 576-1500. Usually, this value is 1500.

• WAN Interface: This is the interface you are configuring for Internet access.

• Zone: This is the security zone to which this interface and Internet connection belong.

• IP Address Assignment: Select Auto if your ISP did not assign you a fixed IP address. Select Static if the ISP assigned a fixed IP address.

• DHCP Option 60: This field will show if you choose Auto as the IP Address Assignment. DHCP Option 60 is used by the Zyxel Device for identification to the DHCP server using the VCI (Vendor Class Identifier) on the DHCP server. The Zyxel Device adds it in the initial DHCP discovery message that a DHCP client broadcasts in search of an IP address. The DHCP server can assign different IP addresses or options to clients with the specific VCI or reject the request from clients without the specific VCI.

Type a string using up to 63 of these characters [a-zA-Z0-9!\"#$%&\'()*+,-./:;<=>?@\[\\\]^_`{}] to identify this Zyxel Device to the DHCP server. For example, Zyxel-TW.

Figure 33 Internet Access

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

2.1.3 Internet Access: Ethernet

This screen is read-only if you set the previous screen’s IP Address Assignment field to Auto. If you set the previous screen’s IP Address Assignment field to Static, use this screen to configure your IP address settings.

•VLAN ID: This displays the VLAN ID tag for the traffic going out from the Zyxel Device, which you configured in the previous screen.

• Encapsulation: This displays the type of Internet connection you are configuring.

• MTU: This displays the maximum size of each data packet that can move through this interface.

• First WAN Interface: This is the number of the interface that will connect with your ISP.

• Zone: This is the security zone to which this interface and Internet connection will belong.

• IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen.

• DHCP Option 60: This field will show if you selected Auto as the IP Address Assignment in the previous screen. This displays the string you configured to identify DHCP server using VCI.

The following fields display if you selected static IP address assignment.

• IP Subnet Mask: Enter the subnet mask for this WAN connection's IP address.

• Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).

• First / Second DNS Server: These fields display if you selected static IP address assignment. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Zyxel Device uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server. Leave the field as 0.0.0.0 if you do not want to configure DNS servers.

2.1.3.1 Possible Errors

• Check that your cable connection is coming from the correct interface you’re using for the WAN connection on the Zyxel Device.

• Check that the interface is connected to the device you’re using for Internet access such as a broadband router and that the router is turned on. The LED of the interface you’re using for the WAN connection on the Zyxel Device should be orange.

• If your Zyxel Device was not able to obtain an IP address, check that your Internet access information uses DHCP as the WAN connection type. If it fails again, check with your Internet service provider or administrator for correct WAN settings.

• If your Zyxel Device was not able to use the IP address entered, check that you were given an IP address, subnet mask and gateway address as part of your Internet access information. Re-enter your IP address, subnet mask and gateway IP address exactly as given. If it fails again, check with your Internet service provider or administrator for correct IP address, subnet mask and gateway address and other WAN settings.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

Figure 34 Internet Access: Ethernet Encapsulation

2.1.4 Internet Access: PPPoE

2.1.4.1 Internet Access - First WAN Interface

•VLAN ID: This displays the VLAN ID tag for the traffic going out from the Zyxel Device, which you

configured in the previous screen.

2.1.4.2 ISP Parameters

•VLAN ID: This displays the VLAN ID tag for the traffic going out from the Zyxel Device, which you

configured in the previous screen.

• Encapsulation: This displays the type of Internet connection you are configuring.

• MTU: This displays the maximum size of each data packet that can move through this interface.

• Type the PPPoE Service Name from your service provider. PPPoE uses a service name to identify and reach the PPPoE server. You can use alphanumeric and -_@$./ characters, and it can be up to 64 characters long.

• Authentication Type - Select an authentication protocol for outgoing connection requests. Options are:

• Chap/PAP - Your Zyxel Device accepts either CHAP or PAP when requested by the remote node.

• Chap - Your Zyxel Device accepts CHAP only.

• PAP - Your Zyxel Device accepts PAP only.

• MSCHAP - Your Zyxel Device accepts MSCHAP only.

• MSCHAP-V2 - Your Zyxel Device accepts MSCHAP-V2 only.

• Type the User Name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.

•Type the Password associated with the user name. Use up to 64 ASCII characters except the [] and ?. This field can be blank.

•Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPPoE server.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

2.1.4.3 WAN IP Address Assignments

• WAN Interface: This is the name of the interface that will connect with your ISP.

• Zone: This is the security zone to which this interface and Internet connection will belong.

• IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen.

2.1.4.4 Possible Errors

• Check that you’re using the correct PPPoE Service Name and Authentication Type.

• Make sure that your Internet access information uses PPPoE as the WAN connection type. Re-enter your PPPoE user name and password exactly as given. If it fails again, check with your Internet service provider or administrator for correct WAN settings and user credentials.

• If you were given an IP address and DNS server information as part of your Internet access information, re-enter them exactly as given. If it fails again, check with your Internet service provider or administrator for correct IP address, subnet mask and gateway address and other WAN settings.

Figure 35 Internet Access: PPPoE Encapsulation

2.1.5 Internet Access: PPTP

2.1.5.1 ISP Parameters

• MTU: This displays the maximum size of each data packet that can move through this interface.

• Authentication Type - Select an authentication protocol for outgoing calls. Options are:

• Chap/PAP - Your Zyxel Device accepts either CHAP or PAP when requested by the remote node.

• Chap - Your Zyxel Device accepts CHAP only.

USG FLEX 50(W) Series User’s Guide

• PAP - Your Zyxel Device accepts PAP only.

• MSCHAP - Your Zyxel Device accepts MSCHAP only.

• MSCHAP-V2 - Your Zyxel Device accepts MSCHAP-V2 only.

• Type the User Name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.

•Type the Password associated with the user name. Use up to 64 ASCII characters except the [] and ?. This field can be blank. Re-type your password in the next field to confirm it.

•Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPTP server.

2.1.5.2 PPTP Configuration

• Base Interface: This identifies the Ethernet interface you configure to connect with a modem or router.

•Type a Base IP Address (static) assigned to you by your ISP.

• Type the IP Subnet Mask assigned to you by your ISP (if given).

• Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).

• Server IP: Type the IP address of the PPTP server.

•Type a Connection ID or connection name. It must follow the “c:id” and “n:name” format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your broadband modem or router. You can use alphanumeric and -_: characters, and it can be up to 31 characters long.

Chapter 2 Initial Setup Wizard

2.1.5.3 WAN IP Address Assignments

• First WAN Interface: This is the connection type on the interface you are configuring to connect with your ISP.

• Zone This is the security zone to which this interface and Internet connection will belong.

• IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen.

2.1.5.4 Possible Errors

• Check that you’re using the correct PPPT Service IP, Base IP Address, IP Subnet Mask, Gateway IP Address, Connection ID and Authentication Type.

• Make sure that your Internet access information uses PPTP as the WAN connection type. Re-enter your PPTP user name and password exactly as given. If it fails again, check with your Internet service provider or administrator for correct WAN settings and user credentials.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

Figure 36 Internet Access: PPTP Encapsulation

2.1.6 Internet Access: L2TP

2.1.6.1 ISP Parameters

• Authentication Type - Select an authentication protocol for outgoing connection requests. Options are:

• Chap/PAP - Your Zyxel Device accepts either CHAP or PAP when requested by the remote node.

• Chap - Your Zyxel Device accepts CHAP only.

• PAP - Your Zyxel Device accepts PAP only.

• MSCHAP - Your Zyxel Device accepts MSCHAP only.

• MSCHAP-V2 - Your Zyxel Device accepts MSCHAP-V2 only.

• Type the User Name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.

•Type the Password associated with the user name. Use up to 64 ASCII characters except the [] and ?. This field can be blank.

•Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPPoE server.

2.1.6.2 L2TP Configuration

• Base Interface: This identifies the Ethernet interface you configure to connect with a modem or router.

•Type a Base IP Address (static) assigned to you by your ISP.

• IP Subnet Mask: Enter the subnet mask for this WAN connection's IP address.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

• Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).

• Server IP: Type the IP address of the L2TP server.

2.1.6.3 WAN IP Address Assignments

• WAN Interface: This is the name of the interface that will connect with your ISP.

• Zone: This is the security zone to which this interface and Internet connection will belong.

• IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen.

2.1.6.4 Possible Errors

• Check that you’re using the correct L2PT Server IP, Subnet Mask, Gateway IP Address, IP Subnet Mask and Authentication Type.

• Make sure that your Internet access information uses L2TP as the WAN connection type. Re-enter your L2TP user name and password exactly as given. If it fails again, check with your Internet service provider or administrator for correct WAN settings and user credentials.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

Figure 37 Internet Access: L2TP Encapsulation

2.1.7 Internet Access Setup - Second WAN Interface

If you selected I have two ISPs, after you configure the First WAN Interface, you can configure the Second WAN Interface. The screens for configuring the second WAN interface are similar to the first (see

Section 2.1.2 on page 58).

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

Figure 38 Internet Access: Step 3: Second WAN Interface

2.1.8 Internet Access: Congratulations

You have set up your Zyxel Device to access the Internet. A screen displays with your settings. Click Connection Test to check that you can access the Internet. If you cannot, click Back and confirm that you entered the settings correctly. If you have, check that you got the correct settings from your ISP or network administrator.

Figure 39 Internet Access: Summary

USG FLEX 50(W) Series User’s Guide

2.1.9 Date and Time Settings

It’s important to have correct date and time values in the logs. The Zyxel Device can automatically update the time and date by detecting your time zone and whether Daylight Savings is in effect in that time zone.

If your Zyxel Device cannot get the correct date and time, it may not able to connect to a time server. Check that the Zyxel Device has Internet access, then click Sync. Now.

Figure 40 Date and Time Settings

Chapter 2 Initial Setup Wizard

2.1.10 Register Device

Click the Register button in this screen to register your device at portal.myzyxel.com.

Note: The Zyxel Device must be connected to the Internet in order to register.

USG FLEX 50(W) Series User’s Guide

Figure 41 Register Device

Chapter 2 Initial Setup Wizard

You may need the Zyxel Device’s serial number and LAN MAC address to register it at myZyxel if you have not already done so. Refer to the label at the back of the Zyxel Device’s for details.

Figure 42 myZyxel Login

Click Refresh or use the Configuration > Licensing > Registration screen to update your Zyxel Device registration status. Please note that you cannot change to Nebula Mode once you click Next unless you reset the Zyxel Device.

USG FLEX 50(W) Series User’s Guide

Figure 43 Registered Device

2.1.11 Activate Service

Chapter 2 Initial Setup Wizard

After you register your Zyxel Device, you can register for the services supported by your model. See

Subscription Services Available on page 261 for more information on the subscription services for the two

types of security packs.

Here are the services available for the Zyxel Device:

• Web Filtering (CF): access a database that can block websites by category.

• Anti-Spam: use anti-spam signatures to mark or discard spam (unsolicited commercial or junk email).

Figure 44 USG20W-VPN Activate Service

Click Refresh and wait a few moments for the registration information to update in this screen. If the page does not refresh, make sure the Internet connection is working and click Refresh again. To check

USG FLEX 50(W) Series User’s Guide

your Internet connection, try to access the Internet from a computer connected to a LAN port on the Zyxel Device. If you cannot, then check your Internet access settings on the Zyxel Device.

2.1.12 Service Settings

You can enable or disable the following features in this screen. This screen varies depending on the security pack that you purchase. See on the subscription services for the two types of security packs.

Note: Select the I have read SecuReporter GDPR and agree policy check box to have

SecuReporter collect and analyze logs from this Zyxel Device. This check box won’t appear again if you have already selected this before.

• Content Filter: Use this feature to access a database that can block websites by category.

• Email Security: Use this feature to mark or discard spam (unsolicited commercial or junk email).

• SecuReporter: Use this feature to collect and analyze logs from your Zyxel Device in order to identify anomalies, notify you of potential internal or external threats, and report on network usage.

Figure 45 USG VPN Service Settings

Chapter 2 Initial Setup Wizard

Subscription Services Available on page 261 for more information

2.1.13 Service Settings: SecuReporter

Use this screen to add the Zyxel Device to a new or existing organization, and choose the level of data protection for traffic going through this Zyxel Device.

• Server Status: This is the connection status between the Zyxel Device and the SecuReporter server. This field shows Connected when the Zyxel Device can synchronize with the SecuReporter server. This field shows Timeout when the Zyxel Device can’t synchronize with the SecuReporter server. This field shows Fail when the connection between the Zyxel Device and the SecuReporter server is down.

• Device Name: Enter the name of the Zyxel Device. This Zyxel Device will be added to a new or existing organization.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

• Organization: This field appears if you haven’t created an organization in the SecuReporter server. Type a name of up to 255 characters and description to create a new organization.

• Select from existing organization: Select an existing organization from the drop-down list box to add the Zyxel Device to the selected organization.

• Create new organization: Type a name of up to 255 characters and description to create a new organization.

• Partially Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be replaced with artificial identifiers in downloaded logs.

• Fully Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be replaced with anonymized information in downloaded logs.

• Non-Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be identifiable in downloaded logs.

Figure 46 SecuReporter Settings

The following screen appears when the Zyxel Device is already added in an organization.

Figure 47 SecuReporter Settings

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

2.1.14 Wireless Settings: Management Mode

The Management Mode screen appears for Zyxel Devices that have a built-in AP. Select Built-in AP if you want WiFi clients to access your Zyxel Device wirelessly. Select AP Controller to allow the Zyxel Device to manage APs in the same network as the Zyxel Device. Both modes cannot work simultaneously. Click

Next to continue the wizard.

Figure 48 Wireless Setup Wizard > Management Mode (Models with Built-in AP)

2.1.15 Wireless Settings: AP Controller

The Zyxel Device can act as an AP Controller that can manage APs in the same network as the Zyxel Device. Select Yes if you want your Zyxel Device to manage APs in your network; otherwise select No.

Figure 49 Wireless Setup Wizard > Management Mode

2.1.16 Wireless Settings: SSID & Security

Configure SSID and wireless security in this screen.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

SSID Setting

• SSID - Enter a descriptive name of up to 32 printable characters for the wireless LAN.

• Security Mode - Select Pre-Shared Key to add security on this wireless network. Otherwise, select None to allow any wireless client to associate this network without authentication.

• Pre-Shared Key - Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including spaces and symbols) or 64 hexadecimal characters.

• Hidden SSID - Select this option if you want to hide the SSID in the outgoing beacon frame. A wireless client then cannot obtain the SSID through scanning using a site survey tool.

• Enable Intra-BSS Traffic Blocking - Select this option if you want to prevent crossover traffic from within the same SSID. Wireless clients can still access the wired network but cannot communicate with each other.

For Zyxel Devices with Built - in AP Only

Bridged to: Zyxel Devices with W in the model name have a built-in AP. Select an interface to bridge with

the built-in AP wireless network. Devices connected to this interface will then be in the same broadcast domain as devices in the AP wireless network.

Figure 50 Wireless Settings: SSID & Security

2.1.17 Remote Management

Configure settings in this screen to add a rule that has priority over other rules in Policy Control. It restricts access to the web configurator and SSL VPN service from the Internet.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

Figure 51 Remote Management

• Enable Allow secure remote management from WAN to create a rule in the Policy Control screen. It allows you to access the Zyxel Device from the WAN using HTTPS.

• Enable Restrict access only to trusted host to have the Zyxel Device allow access only from the IP addresses or FQDNs specified in the fields below.

• Enable Allow SSL VPN access from WAN to allow access to the Zyxel Device remotely through the SSL VPN tunnel.

• Enable Restrict access by GeoIP to have the Zyxel Device allow access only from countries specified in the fields below.

Figure 52 Object > Service > Service Group - HTTPS

2.2 Nebula Mode Initial Setup Wizard

Select Nebula Mode to manage and monitor your Zyxel Device remotely. Follow the wizard to configure the WAN settings to pass the management of your Zyxel Device to NCC.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

Figure 53 Management Mode: Nebula Mode

2.2.1 Connect to Internet (WAN)

Configure the WAN interface that the Zyxel Device will use to connect to Nebula through the Internet.

Use this screen to set how many WAN interfaces to configure and the first WAN interface’s type of encapsulation and method of IP address assignment.

The screens vary depending on the encapsulation type. Refer to information provided by your ISP to know what to enter in each field.

Note: Enter the Internet access information exactly as your ISP gave it to you. Leave a field

blank if you don’t have that information.

• I have two ISPs: Select this option to configure two Internet connections. Leave it cleared to configure just one. This option appears when you are configuring the first WAN interface.

• VLAN Tagged: Select this to tag the traffic going out from the Zyxel Device. Enter a VLAN ID. This 12-bit number uniquely identifies each VLAN. Allowed values are 1-4080.

• Encapsulation: Choose the Ethernet option when the WAN port is used as a regular Ethernet. Choose PPPoE for a dial-up connection according to the information from your ISP.

• WAN Interface: This is the interface you are configuring for Internet access.

• IP Address Assignment: Select Auto if your ISP did not assign you a fixed IP address. Select Static if the ISP assigned a fixed IP address.

USG FLEX 50(W) Series User’s Guide

Chapter 2 Initial Setup Wizard

Type a string using up to 63 of these characters [a-zA-Z0-9!\"#$%&\'()*+,-./:;<=>?@\[\\\]^_`{}] to identify this Zyxel Device to the DHCP server. For example, Zyxel-TW.

Figure 54 Internet Access

2.2.2 Internet Access: Ethernet

•VLAN ID: This displays the VLAN ID tag for the traffic going out from Zyxel Device you configured in the previous screen.