How it Works
Zyxel
Loading...
USG FLEX 50
CLI Reference Guide
670 pgs4.91 Mb0
Datasheet
7 pgs2.1 Mb0
Handbook
865 pgs32.64 Mb0
Quick Start Guide
1 pgs3.42 Mb0
User's Guide
919 pgs22.98 Mb0
Table of contents
Loading...

Zyxel USG20-VPN, USG20W-VPN, USG FLEX 50 User's Guide

Default Login Details
User’s Guide

ZyWALL USG FLEX 50/ 50W Series

Login IP Address https://(IP assigned by NCC)
or
or
https://192.168.1.1 User Name admin Password 1234
Version 5.35 Edition 1, 01/2023
Copyright © 2023 Zyxel and/or its affiliates. All rights reserved.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in product features or web configurator brand style. Every effort has been made to ensure that the information in this manual is accurate.
Note: The version number on the cover page refers to the Zyxel Device’s latest firmware
version to which this User’s Guide applies.
Related Documentation
•Quick Start Guide The Quick Start Guide shows how to connect the Zyxel Device and access the Web Configurator
wizards. (See the wizard real time help for information on configuring each screen.) It also contains a connection diagram and package contents list.
•CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the
Zyxel Device.
Note: It is recommended you use the Web Configurator to configure the Zyxel Device.
• Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary information.
•More Information Go to support.zyxel.com to find other information on Zyxel Device.
USG FLEX 50(W) Series User’s Guide
2

Document Conventions

Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to
configure or helpful tips) or recommendations.
Syntax Conventions
• All models in this series may be referred to as the “Zyxel Device” in this guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Configuration >
Network > Interface > Ethernet means you first click Configuration in the navigation panel, then Network, then the Interface sub menu and finally the Ethernet tab to get to that screen.
Icons Used in Figures
Figures in this user guide may use the following generic icons. The Zyxel Device icon is not an exact representation of your device.
Zyxel Device Generic Router Wireless Router / Access Point
Switch Firewall Server
Internet Network Cloud Smartphone
USB Dongle
USG FLEX 50(W) Series User’s Guide
3

Contents Overview

Contents Overview
Introduction ........................................................................................................................................... 23
Initial Setup Wizard ............................................................................................................................... 57
Hardware, Interfaces and Zones ........................................................................................................ 83
Easy Mode ............................................................................................................................................. 89
Quick Setup Wizards ........................................................................................................................... 153
Dashboard .......................................................................................................................................... 199
Monitor ................................................................................................................................................. 210
Licensing .............................................................................................................................................. 261
Wireless ................................................................................................................................................. 264
Interfaces ............................................................................................................................................. 278
Routing ................................................................................................................................................. 379
DDNS ................................................................................................................................................... 406
NAT ....................................................................................................................................................... 412
Redirect Service .................................................................................................................................. 421
ALG ....................................................................................................................................................... 427
UPnP ..................................................................................................................................................... 434
IP/MAC Binding ................................................................................................................................... 449
Layer 2 Isolation .................................................................................................................................. 454
DNS Inbound LB .................................................................................................................................. 458
IPSec VPN ............................................................................................................................................ 464
SSL VPN ................................................................................................................................................ 502
L2TP VPN .............................................................................................................................................. 508
BWM (Bandwidth Management) ..................................................................................................514
Web Authentication .......................................................................................................................... 530
Security Policy ..................................................................................................................................... 553
Content Filter ....................................................................................................................................... 584
Anti-Spam ............................................................................................................................................ 626
Astra Cloud Security ........................................................................................................................... 642
Object .................................................................................................................................................. 645
Mgmt. & Analytics ............................................................................................................................. 734
System .................................................................................................................................................. 746
Log and Report ................................................................................................................................... 810
File Manager ....................................................................................................................................... 823
Diagnostics ......................................................................................................................................... 843
Packet Flow Explore ........................................................................................................................... 859
Shutdown ............................................................................................................................................. 866
Troubleshooting .................................................................................................................................. 871
USG FLEX 50(W) Series User’s Guide
4

Table of Contents

Table of Contents
Document Conventions ............................................ ............................................ .... ... .... ...................3
Contents Overview .............................................................................................................................4
Table of Contents.................................................................................................................................5
Part I: User’s Guide.......................................................................................... 22
Chapter 1
Introduction ........................................................................................................................................23
1.1 Overview ......................................................................................................................................... 23
1.1.1 Model Feature Differences .................................................................................................. 23
1.2 On Premises Mode ......................................................................................................................... 24
1.3 Nebula Mode .................................................................................................................................. 25
1.3.1 NCC Portal ............................................................................................................................. 26
1.3.2 Your Zyxel Device .................................................................................................................. 26
1.3.3 Your Email Account for ZTP .................................................................................................. 27
1.4 Change the Mode ......................................................................................................................... 27
1.4.1 From Nebula Mode to On Premises Mode ........................................................................ 27
1.4.2 From On Premises Mode to Nebula Mode ........................................................................ 28
1.5 Registration at myZyxel .................................................................................................................. 29
1.5.1 Applications ........................................................................................................................... 30
1.6 Management Overview ................................................................................................................ 32
1.7 Web Configurator ........................................................................................................................... 34
1.7.1 Web Configurator Access .................................................................................................... 34
1.7.2 Security Check for Web Interface Overview ..................................................................... 37
1.7.3 The Security Check for Web Interface Screen .................................................................. 40
1.7.4 Remote Access to the Zyxel Device Networks .................................................................. 42
1.7.5 Web Configurator Screens Overview ................................................................................. 42
1.7.6 Navigation Panel .................................................................................................................. 47
1.7.7 Tables and Lists ...................................................................................................................... 53
Chapter 2
Initial Setup Wizard.............................................................................................................................57
2.1 Initial Setup Wizard: Select Management Mode ........................................................................ 57
2.1.1 Welcome Screen .................................................................................................................. 58
2.1.2 Internet Access Setup - WAN Interface .............................................................................. 58
2.1.3 Internet Access: Ethernet .................................................................................................... 60
USG FLEX 50(W) Series User’s Guide
5
Table of Contents
2.1.4 Internet Access: PPPoE ......................................................................................................... 61
2.1.5 Internet Access: PPTP ........................................................................................................... 62
2.1.6 Internet Access: L2TP ............................................................................................................ 64
2.1.7 Internet Access Setup - Second WAN Interface ............................................................... 66
2.1.8 Internet Access: Congratulations ....................................................................................... 67
2.1.9 Date and Time Settings ........................................................................................................ 68
2.1.10 Register Device ................................................................................................................... 68
2.1.11 Activate Service .................................................................................................................. 70
2.1.12 Service Settings .................................................................................................................... 71
2.1.13 Service Settings: SecuReporter ..........................................................................................71
2.1.14 Wireless Settings: Management Mode ............................................................................. 73
2.1.15 Wireless Settings: AP Controller ......................................................................................... 73
2.1.16 Wireless Settings: SSID & Security ...................................................................................... 73
2.1.17 Remote Management ......................................................................................................74
2.2 Nebula Mode Initial Setup Wizard ................................................................................................ 75
2.2.1 Connect to Internet (WAN) ................................................................................................. 76
2.2.2 Internet Access: Ethernet ..................................................................................................... 77
2.2.3 Internet Access: PPPoE ......................................................................................................... 78
2.2.4 Internet Access: Congratulations ....................................................................................... 80
2.2.5 QR Code ................................................................................................................................ 81
Chapter 3
Hardware, Interfaces and Zones......................................................................................................83
3.1 Hardware Overview ....................................................................................................................... 83
3.1.1 Front Panels ............................................................................................................................ 83
3.1.2 Rear Panels ............................................................................................................................ 84
3.2 Installation Scenarios ...................................................................................................................... 85
3.2.1 Desk-mounting ...................................................................................................................... 85
3.2.2 Wall-mounting ....................................................................................................................... 86
3.3 Default Zones, Interfaces, and Ports ............................................................................................ 88
3.4 Stopping the Zyxel Device ............................................................................................................ 88
Chapter 4
Easy Mode..........................................................................................................................................89
4.1 Overview ........................................................................................................................................ 89
4.1.1 Objects and Rules ................................................................................................................. 89
4.1.2 Wizards and Links .................................................................................................................. 90
4.1.3 Easy Mode Settings ............................................................................................................... 91
4.1.4 Easy Mode Dashboard ......................................................................................................... 92
4.2 Initial Setup Wizard - Language and Overview ........................................................................ 94
4.2.1 Initial Setup Wizard - Internet ........................................................................................... 95
4.2.2 Initial Setup Wizard - Internet Access Errors ..................................................................... 95
4.2.3 Initial Setup Wizard - Date and Time ................................................................................ 97
USG FLEX 50(W) Series User’s Guide
6
Table of Contents
4.2.4 Initial Setup Wizard - Register Device .............................................................................. 98
4.2.5 Initial Setup Wizard - Activate Services ............................................................................ 99
4.2.6 Initial Setup Wizard - Wi-Fi ................................................................................................ 101
4.2.7 Initial Setup Wizard - Congratulations ............................................................................ 102
4.3 Initial Setup Wizard - Security Service ..................................................................................... 103
4.4 Initial Setup Wizard - Port Forwarding ....................................................................................... 105
4.5 Initial Setup Wizard - Guest LAN ............................................................................................... 106
4.5.1 Connecting AP Scenarios ..................................................................................................107
4.6 Initial Setup Wizard - VPN ........................................................................................................... 109
4.6.1 VPN Setup Wizard: Wizard Type ...................................................................................... 110
4.6.2 VPN Express Wizard - Scenario ......................................................................................... 110
4.6.3 VPN Express Wizard - Configuration ................................................................................ 113
4.6.4 VPN Express Wizard - Summary ........................................................................................ 113
4.6.5 VPN Express Wizard - Finish ............................................................................................... 114
4.6.6 VPN Advanced Wizard - Scenario .................................................................................. 115
4.6.7 VPN Advanced Wizard - Phase 1 Settings ..................................................................... 116
4.6.8 VPN Advanced Wizard - Phase 2 .................................................................................... 118
4.6.9 VPN Advanced Wizard - Summary ................................................................................. 119
4.6.10 VPN Advanced Wizard - Finish ...................................................................................... 121
4.7 VPN Settings for Configuration Provisioning Wizard: Wizard Type ......................................... 122
4.7.1 Configuration Provisioning Express Wizard - VPN Settings ............................................ 123
4.7.2 Configuration Provisioning VPN Express Wizard - Configuration ................................. 124
4.7.3 VPN Settings for Configuration Provisioning Express Wizard - Summary ..................... 125
4.7.4 VPN Settings for Configuration Provisioning Express Wizard - Finish .............................. 125
4.7.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario ................ 126
4.7.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings .... 127
4.7.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 ................. 129
4.7.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary ............... 130
4.7.9 VPN Settings for Configuration Provisioning Advanced Wizard- Finish ....................... 132
4.8 VPN Settings for L2TP VPN Settings Wizard ............................................................................... 133
4.8.1 L2TP VPN Settings 1 ............................................................................................................. 135
4.8.2 L2TP VPN Settings 2 ............................................................................................................ 135
4.8.3 VPN Settings for L2TP VPN Setting Wizard - Summary ................................................... 136
4.8.4 VPN Settings for L2TP VPN Setting Wizard Completed .................................................. 137
4.9 Port Forwarding ........................................................................................................................... 138
4.9.1 Port Forwarding > Add Client .......................................................................................... 139
4.9.2 Port Forwarding > Add Service ........................................................................................ 139
4.9.3 Port Forwarding > UPnP .................................................................................................... 139
4.10 Wi-Fi and Guest Network Wizard ........................................................................................... 141
4.10.1 Guest LAN (Wired Network) ........................................................................................... 142
4.10.2 Connecting AP Scenarios ................................................................................................ 143
4.11 Security Service Wizard .......................................................................................................... 144
4.11.1 Security Service Wizard 2 - Content Filter Categories ............................................... 145
USG FLEX 50(W) Series User’s Guide
7
Table of Contents
4.11.2 Security Service Wizard 3 - Websites ........................................................................... 147
4.11.3 Security Service Wizard 4 - Exemptions ...................................................................... 148
4.11.4 Security Service Wizard 5 - IDP/AV .............................................................................. 149
4.12 MyZyxel Portal ......................................................................................................................... 150
4.13 One Security Portal ................................................................................................................. 151
Chapter 5
Quick Setup Wizards........................................................................................................................153
5.1 Quick Setup Overview ................................................................................................................. 153
5.2 WAN Interface Quick Setup ........................................................................................................ 154
5.2.1 Choose an Ethernet Interface ........................................................................................... 154
5.2.2 Select WAN Type ................................................................................................................. 155
5.2.3 Configure WAN IP Settings ................................................................................................. 155
5.2.4 ISP and WAN and ISP Connection Settings ...................................................................... 156
5.2.5 Quick Setup Interface Wizard: Summary ......................................................................... 159
5.3 Remote Access VPN Setup-Scenario ......................................................................................... 160
5.3.1 IKEv2 IPSec Client- VPN Configuration ............................................................................. 161
5.3.2 IKEv2 IPSec Client- User Authentication ............................................................................ 163
5.3.3 IKEv2 IPSec Client- Summary ..............................................................................................163
5.3.4 IKEv2 IPSec Client-Config Provision ................................................................................... 164
5.3.5 L2TP over IPSec Client-VPN Configuration ....................................................................... 165
5.3.6 L2TP over IPSec Client- User Authentication .................................................................... 166
5.3.7 L2TP over IPSec Client- Summary ...................................................................................... 167
5.3.8 L2TP over IPSec Client-Config Provision ............................................................................ 168
5.4 VPN Setup Wizard ......................................................................................................................... 168
5.4.1 Welcome .............................................................................................................................. 168
5.4.2 VPN Setup Wizard: Wizard Type ........................................................................................ 169
5.4.3 VPN Express Wizard - Scenario .......................................................................................... 170
5.4.4 VPN Express Wizard - Configuration ................................................................................. 171
5.4.5 VPN Express Wizard - Summary ......................................................................................... 171
5.4.6 VPN Express Wizard - Finish ................................................................................................ 172
5.4.7 VPN Advanced Wizard - Scenario ................................................................................... 173
5.4.8 VPN Advanced Wizard - Phase 1 Settings ...................................................................... 174
5.4.9 VPN Advanced Wizard - Phase 2 ..................................................................................... 176
5.4.10 VPN Advanced Wizard - Summary ................................................................................ 177
5.4.11 VPN Advanced Wizard - Finish ....................................................................................... 179
5.5 VPN Settings for Configuration Provisioning Wizard: Wizard Type ........................................... 180
5.5.1 Configuration Provisioning Express Wizard - VPN Settings ............................................. 180
5.5.2 Configuration Provisioning VPN Express Wizard - Configuration .................................. 181
5.5.3 VPN Settings for Configuration Provisioning Express Wizard - Summary ...................... 182
5.5.4 VPN Settings for Configuration Provisioning Express Wizard - Finish .............................. 183
5.5.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario ................. 184
5.5.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings .... 185
USG FLEX 50(W) Series User’s Guide
8
Table of Contents
5.5.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 .................. 186
5.5.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary ................ 187
5.5.9 VPN Settings for Configuration Provisioning Advanced Wizard - Finish ....................... 190
5.6 VPN Settings for L2TP VPN Settings Wizard ................................................................................. 190
5.6.1 L2TP VPN Settings ................................................................................................................ 191
5.6.2 L2TP VPN Settings ................................................................................................................ 192
5.6.3 VPN Settings for L2TP VPN Setting Wizard - Summary .................................................... 192
5.6.4 VPN Settings for L2TP VPN Setting Wizard - Completed ................................................ 194
5.7 Wireless Setup Wizard ................................................................................................................... 194
5.7.1 SSID ....................................................................................................................................... 195
5.7.2 Radio .................................................................................................................................... 195
5.7.3 Summary .............................................................................................................................. 197
5.7.4 Wizard Completed ............................................................................................................. 197
Chapter 6
Dashboard........................................................................................................................................199
6.1 Overview ....................................................................................................................................... 199
6.1.1 What You Can Do in this Chapter ..................................................................................... 199
6.2 The General Screen ..................................................................................................................... 199
6.2.1 Device Information Screen ................................................................................................201
6.2.2 System Status Screen .......................................................................................................... 202
6.2.3 Tx/Rx Statistics ...................................................................................................................... 202
6.2.4 The Latest Logs Screen ....................................................................................................... 203
6.2.5 System Resources Screen ................................................................................................... 203
6.2.6 DHCP Table Screen ............................................................................................................. 204
6.2.7 Number of Login Users Screen ........................................................................................... 205
6.2.8 Current Login User ............................................................................................................... 206
6.2.9 VPN Status ............................................................................................................................ 206
6.2.10 SSL VPN Status .................................................................................................................... 207
6.3 The VPN Screen ............................................................................................................................ 207
Part II: Technical Reference.........................................................................209
Chapter 7
Monitor..............................................................................................................................................210
7.1 Overview ....................................................................................................................................... 210
7.1.1 What You Can Do in this Chapter ..................................................................................... 210
7.2 The Port Statistics Screen ............................................................................................................ 211
7.2.1 The Port Statistics Graph Screen ....................................................................................... 212
7.3 Interface Status Screen ................................................................................................................ 213
7.4 The Traffic Statistics Screen .......................................................................................................... 217
USG FLEX 50(W) Series User’s Guide
9
Table of Contents
7.5 The Session Monitor Screen ........................................................................................................ 220
7.6 The DHCP Table Screen ............................................................................................................... 222
7.7 The Device Insight Screen ........................................................................................................... 223
7.7.1 The Device Insight Edit Screen ...........................................................................................226
7.7.2 The Device Insight Feedback Screen ............................................................................... 227
7.8 The Login Users Screen ................................................................................................................. 228
7.9 IGMP Statistics ............................................................................................................................... 229
7.10 The DDNS Status Screen ............................................................................................................. 230
7.11 IP/MAC Binding ........................................................................................................................... 231
7.12 Cellular Status Screen ................................................................................................................ 231
7.12.1 More Information .............................................................................................................. 234
7.13 The UPnP Port Status Screen ..................................................................................................... 235
7.14 USB Storage Screen .................................................................................................................... 236
7.15 Ethernet Neighbor Screen ........................................................................................................ 237
7.16 FQDN Object Screen ................................................................................................................ 238
7.17 AP Information: Radio List ......................................................................................................... 240
7.17.1 Radio List: More Information ............................................................................................242
7.18 SSID Info .................................................................................................................................... 243
7.19 Station Info: Station List .............................................................................................................. 244
7.20 Station Info: Top N Stations ........................................................................................................ 246
7.21 Station Info: Single Station ......................................................................................................... 247
7.22 The IPSec Screen ........................................................................................................................ 248
7.22.1 Regular Expressions in Searching IPSec SAs ................................................................... 250
7.23 The SSL Screen ............................................................................................................................. 250
7.24 The L2TP over IPSec Screen ....................................................................................................... 251
7.25 The Content Filter Screen .......................................................................................................... 252
7.25.1 Web Content Filter ............................................................................................................ 252
7.25.2 DNS Content Filter ............................................................................................................. 253
7.26 The Anti-Spam Screens .............................................................................................................. 254
7.26.1 Anti-Spam Summary ......................................................................................................... 254
7.26.2 The Anti-Spam Status Screen ........................................................................................... 256
7.27 Log Screens ................................................................................................................................. 258
7.27.1 View Log ............................................................................................................................ 258
Chapter 8
Licensing...........................................................................................................................................261
8.1 Registration Overview .................................................................................................................. 261
8.1.1 What you Need to Know ....................................................................................................261
8.1.2 Registration Screen ............................................................................................................. 261
8.1.3 Service Screen ..................................................................................................................... 262
Chapter 9
Wireless.............................................................................................................................................264
USG FLEX 50(W) Series User’s Guide
10
Table of Contents
9.1 Overview ....................................................................................................................................... 264
9.1.1 What You Can Do in this Chapter ..................................................................................... 264
9.2 Built-in AP ...................................................................................................................................... 264
9.2.1 Wireless > Built-in AP > General >Add/Edit SSID ............................................................... 265
9.2.2 Wireless > Built-in AP > Radio .............................................................................................. 269
9.3 Technical Reference .................................................................................................................... 276
9.3.1 Dynamic Channel Selection .............................................................................................. 276
9.3.2 Load Balancing ................................................................................................................... 277
Chapter 10
Interfaces..........................................................................................................................................278
10.1 Interface Overview .................................................................................................................... 278
10.1.1 What You Can Do in this Chapter ................................................................................... 278
10.1.2 What You Need to Know ................................................................................................. 279
10.1.3 What You Need to Do First ...............................................................................................283
10.2 Port Role ....................................................................................................................................... 283
10.3 Port Group ................................................................................................................................... 284
10.4 Port Configuration ...................................................................................................................... 285
10.5 Ethernet Summary Screen ......................................................................................................... 287
10.5.1 Ethernet Edit ...................................................................................................................... 289
10.5.2 Proxy ARP ........................................................................................................................... 305
10.5.3 Virtual Interfaces .............................................................................................................. 306
10.5.4 References ......................................................................................................................... 308
10.5.5 Add/Edit DHCPv6 Request/Release Options ................................................................. 308
10.5.6 Add/Edit DHCP Extended Options ................................................................................. 309
10.6 PPP Interfaces ............................................................................................................................. 311
10.6.1 PPP Interface Summary .................................................................................................... 311
10.6.2 PPP Interface Add or Edit ................................................................................................ 313
10.7 Cellular Configuration Screen ................................................................................................... 318
10.7.1 Cellular Choose Slot ......................................................................................................... 321
10.7.2 Add / Edit Cellular Configuration .................................................................................... 321
10.8 Tunnel Interfaces ........................................................................................................................ 327
10.8.1 Configuring a Tunnel ........................................................................................................ 329
10.8.2 Tunnel Add or Edit Screen ................................................................................................ 330
10.9 VLAN Interfaces ......................................................................................................................... 334
10.9.1 VLAN Summary Screen .....................................................................................................335
10.9.2 VLAN Add/Edit ................................................................................................................. 336
10.10 Bridge Interfaces ...................................................................................................................... 348
10.10.1 Bridge Summary .............................................................................................................. 349
10.10.2 Bridge Add/Edit .............................................................................................................. 351
10.11 VTI ............................................................................................................................................... 361
10.11.1 Restrictions for IPSec Virtual Tunnel Interface .............................................................. 362
10.11.2 VTI Screen ........................................................................................................................ 362
USG FLEX 50(W) Series User’s Guide
11
Table of Contents
10.11.3 VTI Add/Edit ..................................................................................................................... 363
10.12 Trunk Overview ......................................................................................................................... 367
10.12.1 What You Need to Know ............................................................................................... 367
10.13 The Trunk Summary Screen ...................................................................................................... 370
10.13.1 Configuring a User-Defined Trunk ................................................................................. 371
10.13.2 Configuring the System Default Trunk .......................................................................... 373
10.14 Interface Technical Reference ............................................................................................... 374
Chapter 11
Routing..............................................................................................................................................379
11.1 Policy and Static Routes Overview ........................................................................................... 379
11.1.1 What You Can Do in this Chapter ................................................................................... 379
11.1.2 What You Need to Know ................................................................................................ 380
11.2 Policy Route Screen ................................................................................................................... 381
11.2.1 Policy Route Edit Screen .................................................................................................. 383
11.3 IP Static Route Screen ................................................................................................................ 388
11.3.1 Static Route Add/Edit Screen .......................................................................................... 388
11.4 Policy Routing Technical Reference ........................................................................................390
11.5 Routing Protocols Overview ..................................................................................................... 390
11.5.1 What You Need to Know ................................................................................................. 391
11.6 The RIP Screen ............................................................................................................................. 391
11.7 The OSPF Screen ......................................................................................................................... 393
11.7.1 Configuring the OSPF Screen .......................................................................................... 396
11.7.2 OSPF Area Add/Edit Screen ........................................................................................... 397
11.7.3 Virtual Link Add/Edit Screen ...........................................................................................399
11.8 BGP (Border Gateway Protocol) .............................................................................................. 400
11.8.1 Allow BGP Packets to Enter the Zyxel Device ................................................................ 401
11.8.2 Configuring the BGP Screen ............................................................................................ 401
11.8.3 The BGP Neighbors Screen .............................................................................................. 403
11.8.4 Example Scenario ............................................................................................................. 404
Chapter 12
DDNS ................................................................................................................................................406
12.1 DDNS Overview ........................................................................................................................... 406
12.1.1 What You Can Do in this Chapter ................................................................................... 406
12.1.2 What You Need to Know ................................................................................................. 406
12.2 The DDNS Screen ........................................................................................................................ 407
12.2.1 The Dynamic DNS Add/Edit Screen ................................................................................ 408
Chapter 13
NAT....................................................................................................................................................412
13.1 Overview ..................................................................................................................................... 412
13.2 NAT Overview ............................................................................................................................. 412
USG FLEX 50(W) Series User’s Guide
12
Table of Contents
13.2.1 What You Can Do in this Chapter ................................................................................... 412
13.2.2 What You Need to Know ................................................................................................. 412
13.3 The NAT Screen ........................................................................................................................... 414
13.3.1 The NAT Add/Edit Screen .................................................................................................415
13.4 NAT Technical Reference .......................................................................................................... 418
Chapter 14
Redirect Service...............................................................................................................................421
14.1 Overview ..................................................................................................................................... 421
14.1.1 HTTP Redirect ..................................................................................................................... 421
14.1.2 SMTP Redirect .................................................................................................................... 421
14.1.3 What You Can Do in this Chapter ................................................................................... 422
14.1.4 What You Need to Know ................................................................................................. 422
14.2 The Redirect Service Screen ..................................................................................................... 424
14.2.1 The Redirect Service Edit Screen ..................................................................................... 425
Chapter 15
ALG....................................................................................................................................................427
15.1 ALG Overview ............................................................................................................................. 427
15.1.1 What You Need to Know ................................................................................................. 427
15.1.2 Before You Begin ............................................................................................................... 430
15.2 The ALG Screen .......................................................................................................................... 430
15.3 ALG Technical Reference ......................................................................................................... 432
Chapter 16
UPnP...................................................................................................................................................434
16.1 UPnP and NAT-PMP Overview ................................................................................................... 434
16.2 What You Need to Know ........................................................................................................... 434
16.2.1 NAT Traversal ..................................................................................................................... 434
16.2.2 Cautions with UPnP and NAT-PMP .................................................................................. 435
16.3 UPnP Screen ................................................................................................................................ 435
16.4 Technical Reference .................................................................................................................. 436
16.4.1 Turning on UPnP in Windows 7 Example ......................................................................... 436
16.4.2 Turn on UPnP in Windows 10 Example ............................................................................ 440
16.4.3 Auto-discover Your UPnP-enabled Network Device .................................................... 442
16.4.4 Web Configurator Easy Access in Windows 7 ............................................................... 445
16.4.5 Web Configurator Easy Access in Windows 10 ............................................................. 447
Chapter 17
IP/MAC Binding................................................................................................................................449
17.1 IP/MAC Binding Overview ......................................................................................................... 449
17.1.1 What You Can Do in this Chapter ................................................................................... 449
17.1.2 What You Need to Know ................................................................................................. 449
USG FLEX 50(W) Series User’s Guide
13
Table of Contents
17.2 IP/MAC Binding Summary ......................................................................................................... 450
17.2.1 IP/MAC Binding Edit .......................................................................................................... 451
17.2.2 Static DHCP Edit ................................................................................................................ 452
17.3 IP/MAC Binding Exempt List ....................................................................................................... 453
Chapter 18
Layer 2 Isolation...............................................................................................................................454
18.1 Overview ..................................................................................................................................... 454
18.1.1 What You Can Do in this Chapter ................................................................................... 454
18.2 Layer-2 Isolation General Screen ............................................................................................. 454
18.3 Allow List Screen ......................................................................................................................... 455
18.3.1 Add/Edit Allow List Rule ................................................................................................... 456
Chapter 19
DNS Inbound LB................................................................................................................................458
19.1 DNS Inbound Load Balancing Overview ................................................................................. 458
19.1.1 What You Can Do in this Chapter ................................................................................... 458
19.2 The DNS Inbound LB Screen ...................................................................................................... 459
19.2.1 The DNS Inbound LB Add/Edit Screen ............................................................................ 460
19.2.2 The DNS Inbound LB Add/Edit Member Screen ............................................................ 462
Chapter 20
IPSec VPN .........................................................................................................................................464
20.1 Virtual Private Networks (VPN) Overview ................................................................................. 464
20.1.1 What You Can Do in this Chapter ................................................................................... 466
20.1.2 What You Need to Know ................................................................................................. 466
20.1.3 Before You Begin ............................................................................................................... 469
20.2 The VPN Connection Screen ..................................................................................................... 469
20.2.1 The VPN Connection Add/Edit Screen .......................................................................... 471
20.3 The VPN Gateway Screen ......................................................................................................... 478
20.3.1 The VPN Gateway Add/Edit Screen ............................................................................... 480
20.4 VPN Concentrator ..................................................................................................................... 487
20.4.1 VPN Concentrator Requirements and Suggestions ...................................................... 488
20.4.2 VPN Concentrator Screen ............................................................................................... 488
20.4.3 The VPN Concentrator Add/Edit Screen ........................................................................ 489
20.5 Zyxel Device IPSec VPN Client Configuration Provisioning .................................................... 490
20.6 IPSec VPN Background Information ......................................................................................... 492
Chapter 21
SSL VPN..............................................................................................................................................502
21.1 Overview ..................................................................................................................................... 502
21.1.1 What You Can Do in this Chapter ................................................................................... 502
21.1.2 What You Need to Know ................................................................................................. 502
USG FLEX 50(W) Series User’s Guide
14
Table of Contents
21.2 The SSL Access Privilege Screen ................................................................................................ 503
21.2.1 The SSL Access Privilege Policy Add/Edit Screen ......................................................... 504
21.3 The SSL Global Setting Screen ................................................................................................... 506
Chapter 22
L2TP VPN..................................... ... .... .... ............................................ ... .... .........................................508
22.1 Overview ..................................................................................................................................... 508
22.1.1 What You Can Do in this Chapter ................................................................................... 508
22.1.2 What You Need to Know ................................................................................................. 508
22.2 L2TP VPN Screen ......................................................................................................................... 509
22.2.1 Example: L2TP and Zyxel Device Behind a NAT Router ................................................ 511
Chapter 23
BWM (Bandwidth Management) .................................................................................................514
23.1 Overview ..................................................................................................................................... 514
23.1.1 What You Can Do in this Chapter ................................................................................... 514
23.1.2 What You Need to Know ................................................................................................ 514
23.2 The Bandwidth Management Configuration .......................................................................... 518
23.2.1 The Bandwidth Management Add/Edit Screen ............................................................ 521
Chapter 24
Web Authentication ........................................................................................................................530
24.1 Web Auth Overview ................................................................................................................... 530
24.1.1 What You Can Do in this Chapter ................................................................................... 530
24.1.2 What You Need to Know ................................................................................................. 531
24.2 Web Authentication General Screen ...................................................................................... 531
24.2.1 User-aware Access Control Example ............................................................................. 537
24.2.2 Authentication Type Screen ............................................................................................ 543
24.2.3 Custom Web Portal / User Agreement File Screen ....................................................... 547
24.2.4 Facebook Wi-Fi Screen ..................................................................................................... 548
Chapter 25
Security Policy..................................................................................................................................553
25.1 Overview ..................................................................................................................................... 553
25.2 One Security ................................................................................................................................ 554
25.3 What You Can Do in this Chapter ............................................................................................ 557
25.3.1 What You Need to Know ................................................................................................. 557
25.4 The Security Policy Screen ......................................................................................................... 559
25.4.1 Configuring the Security Policy Control Screen ............................................................ 560
25.4.2 The Security Check for Web Interface Screen .............................................................. 563
25.4.3 The Security Policy Control Add/Edit Screen ................................................................. 565
25.5 Anomaly Detection and Prevention Overview ...................................................................... 567
25.5.1 The Anomaly Detection and Prevention General Screen ........................................... 567
USG FLEX 50(W) Series User’s Guide
15
Table of Contents
25.5.2 Creating New ADP Profiles ..............................................................................................569
25.5.3 Traffic Anomaly Profiles ................................................................................................... 571
25.5.4 Protocol Anomaly Profiles ................................................................................................ 573
25.5.5 The ADP Allow List Screen ................................................................................................ 577
25.5.6 Creating New ADP Allow List Rule ................................................................................... 578
25.6 The Session Control Screen ........................................................................................................ 578
25.6.1 The Session Control Add/Edit Screen .............................................................................. 580
25.7 Security Policy Example Applications ......................................................................................581
Chapter 26
Content Filter ....................................................................................................................................584
26.1 Overview ..................................................................................................................................... 584
26.1.1 What You Can Do in this Chapter ................................................................................... 584
26.1.2 What You Need to Know ................................................................................................. 584
26.1.3 Before You Begin ............................................................................................................... 586
26.2 Web Content Filter General Screen .........................................................................................587
26.2.1 Apply to a Security Policy ................................................................................................ 588
26.2.2 Web Content Filter Add Category Service .................................................................... 591
26.2.3 Content Filter Add Filter Profile Custom Service ........................................................... 604
26.3 Web Content Filter Trusted Web Sites Screen ........................................................................ 607
26.4 Web Content Filter Forbidden Web Sites Screen ................................................................... 608
26.5 DNS Content Filter General Screen .......................................................................................... 609
26.5.1 DNS Content Filter Add Profile ......................................................................................... 611
26.6 DNS Content Filter Allow List Screen ......................................................................................... 623
26.7 DNS Content Filter Block List Screen ......................................................................................... 624
26.8 Content Filter Technical Reference ......................................................................................... 624
Chapter 27
Anti-Spam.........................................................................................................................................626
27.1 Overview ..................................................................................................................................... 626
27.1.1 What You Can Do in this Chapter ................................................................................... 626
27.1.2 What You Need to Know ................................................................................................. 626
27.2 Before You Begin ........................................................................................................................ 627
27.3 The Anti-Spam Profile Screen .................................................................................................... 628
27.3.1 The Anti-Spam Profile Add or Edit Screen ...................................................................... 629
27.4 The Mail Scan Screen ................................................................................................................. 631
27.5 The Anti-Spam Block List Screen ............................................................................................... 632
27.5.1 The Anti-Spam Block or Allow List Add/Edit Screen ...................................................... 634
27.5.2 Regular Expressions in Block or Allow List Entries ............................................................ 635
27.6 The Anti-Spam Allow List Screen ............................................................................................... 635
27.7 The DNSBL Screen ....................................................................................................................... 637
27.8 Anti-Spam Technical Reference ............................................................................................... 638
USG FLEX 50(W) Series User’s Guide
16
Table of Contents
Chapter 28
Astra Cloud Security....................................... ... .... ..........................................................................642
28.1 Overview ..................................................................................................................................... 642
28.2 Astra Cloud Security Screen ...................................................................................................... 643
Chapter 29
Object...............................................................................................................................................645
29.1 The Device Insight Screen ......................................................................................................... 645
29.1.1 Device Insight Add/Edit Screen ...................................................................................... 646
29.1.2 Example: Block a Profile ................................................................................................... 647
29.2 Zones Overview .......................................................................................................................... 651
29.2.1 What You Need to Know ................................................................................................. 652
29.2.2 The Zone Screen ................................................................................................................ 653
29.3 User/Group Overview ................................................................................................................ 654
29.3.1 What You Need To Know ................................................................................................. 655
29.3.2 User/Group User Summary Screen .................................................................................. 657
29.3.3 User Add/Edit General Screen ........................................................................................ 658
29.3.4 User Add/Edit Two-factor Authentication Screen ........................................................ 662
29.3.5 User/Group Group Summary Screen .............................................................................. 665
29.3.6 User/Group Setting Screen ............................................................................................. 666
29.3.7 User/Group MAC Address Summary Screen ................................................................ 671
29.3.8 User /Group Technical Reference .................................................................................. 673
29.4 Address/Geo IP Overview ....................................................................................................... 674
29.4.1 What You Need To Know ................................................................................................. 674
29.4.2 Address Summary Screen ................................................................................................ 675
29.4.3 Address Group Summary Screen .................................................................................... 679
29.4.4 Geo IP Summary Screen .................................................................................................. 681
29.5 Service Overview ........................................................................................................................ 684
29.5.1 What You Need to Know ................................................................................................. 684
29.5.2 The Service Summary Screen .......................................................................................... 685
29.5.3 The Service Group Summary Screen ............................................................................. 687
29.6 Schedule Overview ................................................................................................................... 689
29.6.1 What You Need to Know ................................................................................................. 689
29.6.2 The Schedule Screen ........................................................................................................ 690
29.6.3 The Schedule Group Screen ............................................................................................ 693
29.7 AAA Server Overview ............................................................................................................... 694
29.7.1 Directory Service (AD/LDAP) ........................................................................................... 695
29.7.2 RADIUS Server .................................................................................................................... 695
29.7.3 ASAS .................................................................................................................................... 695
29.7.4 What You Need To Know ................................................................................................. 696
29.7.5 Active Directory or LDAP Server Summary ..................................................................... 697
29.7.6 RADIUS Server Summary ...................................................................................................701
29.8 Auth. Method Overview ........................................................................................................... 704
USG FLEX 50(W) Series User’s Guide
17
Table of Contents
29.8.1 Before You Begin ............................................................................................................... 704
29.8.2 Example: Selecting a VPN Authentication Method ..................................................... 704
29.8.3 Authentication Method Objects ..................................................................................... 705
29.8.4 Two-Factor Authentication .............................................................................................. 707
29.8.5 Two-Factor Authentication VPN Access ........................................................................ 710
29.8.6 Two-Factor Authentication Admin Access .................................................................... 712
29.9 Certificate Overview .................................................................................................................. 713
29.9.1 What You Need to Know ................................................................................................. 714
29.9.2 Verifying a Certificate ...................................................................................................... 715
29.9.3 The My Certificates Screen ..............................................................................................716
29.9.4 The Trusted Certificates Screen ...................................................................................... 725
29.9.5 Certificates Technical Reference ................................................................................... 730
29.10 ISP Account Overview ............................................................................................................ 730
29.10.1 ISP Account Summary ....................................................................................................730
Chapter 30
Mgmt. & Analytics...........................................................................................................................734
30.1 Mgmt. & Analytics Overview ..................................................................................................... 734
30.1.1 What You Can Do in this Chapter ................................................................................... 734
30.2 Cloud CNM SecuManager ....................................................................................................... 734
30.3 Cloud CNM SecuReporter ......................................................................................................... 737
30.4 Nebula ......................................................................................................................................... 742
30.4.1 Scenario A-Native Mode ................................................................................................. 742
30.4.2 Scenario B-Zero Touch Provisioning (ZTP) ....................................................................... 744
Chapter 31
System...............................................................................................................................................746
31.1 Overview ..................................................................................................................................... 746
31.1.1 What You Can Do in this Chapter ................................................................................... 746
31.2 Host Name ................................................................................................................................... 747
31.3 USB Storage ................................................................................................................................. 747
31.4 Date and Time ............................................................................................................................ 749
31.4.1 Pre-defined NTP Time Servers List ..................................................................................... 752
31.4.2 Time Server Synchronization ............................................................................................ 752
31.5 Console Port Speed ................................................................................................................... 753
31.6 DNS Overview ............................................................................................................................. 754
31.6.1 DNS Server Address Assignment ...................................................................................... 754
31.6.2 Configuring the DNS Screen ............................................................................................ 754
31.6.3 (IPv6) Address Record ...................................................................................................... 758
31.6.4 PTR Record ......................................................................................................................... 758
31.6.5 Adding an (IPv6) Address/PTR Record .......................................................................... 758
31.6.6 CNAME Record ................................................................................................................. 759
31.6.7 Adding a CNAME Record ................................................................................................ 759
USG FLEX 50(W) Series User’s Guide
18
Table of Contents
31.6.8 Domain Zone Forwarder ................................................................................................. 760
31.6.9 Adding a Domain Zone Forwarder ................................................................................. 760
31.6.10 MX Record ...................................................................................................................... 761
31.6.11 Adding a MX Record ...................................................................................................... 761
31.6.12 Security Option Control .................................................................................................. 762
31.6.13 Editing a Security Option Control .................................................................................. 762
31.6.14 Adding a DNS Service Control Rule .............................................................................. 763
31.7 WWW Overview .......................................................................................................................... 764
31.7.1 Service Access Limitations ............................................................................................... 764
31.7.2 System Timeout .................................................................................................................. 764
31.7.3 HTTPS ................................................................................................................................... 764
31.7.4 Configuring WWW Service Control ................................................................................. 765
31.7.5 Service Control Rules ........................................................................................................ 768
31.7.6 Customizing the WWW Login Page ................................................................................ 769
31.7.7 HTTPS Example ................................................................................................................... 774
31.8 SSH ............................................................................................................................................. 781
31.8.1 SSH Implementation on the Zyxel Device ...................................................................... 782
31.8.2 Requirements for Using SSH ..............................................................................................782
31.8.3 Configuring SSH ................................................................................................................. 782
31.8.4 Service Control Rules ........................................................................................................ 783
31.8.5 SSH Example ...................................................................................................................... 784
31.9 Telnet ........................................................................................................................................... 785
31.9.1 Configuring Telnet ............................................................................................................. 785
31.9.2 Service Control Rules ........................................................................................................ 787
31.10 FTP .............................................................................................................................................. 787
31.10.1 Configuring FTP ................................................................................................................ 787
31.10.2 Service Control Rules ...................................................................................................... 789
31.11 SNMP ......................................................................................................................................... 789
31.11.1 SNMPv3 and Security ...................................................................................................... 790
31.11.2 Supported MIBs ............................................................................................................... 791
31.11.3 SNMP Traps ....................................................................................................................... 791
31.11.4 Configuring SNMP ........................................................................................................... 791
31.11.5 Add SNMPv3 User ............................................................................................................ 793
31.11.6 Service Control Rules ...................................................................................................... 794
31.12 Authentication Server .............................................................................................................. 795
31.12.1 Add/Edit Trusted RADIUS Client .................................................................................... 796
31.13 Notification > Mail Server ......................................................................................................... 797
31.14 Notification > SMS ..................................................................................................................... 799
31.15 Notification > Response Message .........................................................................................800
31.16 Language Screen ..................................................................................................................... 801
31.17 IPv6 Screen ................................................................................................................................ 802
31.18 Zyxel One Network (ZON) Utility ............................................................................................. 802
31.18.1 Requirements ................................................................................................................... 803
USG FLEX 50(W) Series User’s Guide
19
Table of Contents
31.18.2 Run the ZON Utility ........................................................................................................... 803
31.18.3 Zyxel One Network (ZON) System Screen .................................................................... 807
31.19 Advanced Screen .................................................................................................................... 807
31.19.1 Fast Forwarding Technical Reference .......................................................................... 808
Chapter 32
Log and Report....... .... ... ............................................. ... .... ............................................ ...................810
32.1 Overview ..................................................................................................................................... 810
32.1.1 What You Can Do In this Chapter .................................................................................. 810
32.2 Email Daily Report ....................................................................................................................... 810
32.3 Log Setting Screens ................................................................................................................... 812
32.3.1 Log Setting Summary ........................................................................................................ 812
32.3.2 Edit System Log Settings .................................................................................................. 814
32.3.3 Edit Log on USB Storage Setting ..................................................................................... 817
32.3.4 Edit Remote Server Log Settings ..................................................................................... 818
32.3.5 Log Category Settings Screen ......................................................................................... 820
Chapter 33
File Manager ....................................................................................................................................823
33.1 Overview ..................................................................................................................................... 823
33.1.1 What You Can Do in this Chapter ................................................................................... 823
33.1.2 What you Need to Know .................................................................................................. 823
33.2 The Configuration Screen .......................................................................................................... 827
33.2.1 The Configuration Schedule Backup Screen ................................................................ 832
33.3 Firmware Management ........................................................................................................... 833
33.3.1 Cloud Helper ..................................................................................................................... 833
33.3.2 The Firmware Management Screen ............................................................................... 835
33.3.3 Firmware Upgrade via USB Stick ...................................................................................... 839
33.3.4 Firmware Integrity Check ................................................................................................. 839
33.4 The Shell Script Screen .............................................................................................................. 840
Chapter 34
Diagnostics ......................................................................................................................................843
34.1 Overview ..................................................................................................................................... 843
34.1.1 What You Can Do in this Chapter ................................................................................... 843
34.2 The Diagnostics Screens ............................................................................................................ 843
34.2.1 Scripts ................................................................................................................................. 843
34.2.2 The Diagnostics Controller Screen .................................................................................. 844
34.2.3 The Diagnostics Files Screen ............................................................................................846
34.3 The Packet Capture Screen ...................................................................................................... 847
34.3.1 The Packet Capture Files Screen .................................................................................... 850
34.4 The CPU / Memory Status Screen ............................................................................................ 851
34.5 The System Log Screen .............................................................................................................. 852
USG FLEX 50(W) Series User’s Guide
20
Table of Contents
34.6 The Network Tool Screen ........................................................................................................... 853
34.7 The Routing Traces Screen ........................................................................................................ 855
34.8 The Wireless Frame Capture Screen ........................................................................................856
34.8.1 The Wireless Frame Capture Files Screen ...................................................................... 858
Chapter 35
Packet Flow Explore ........................................................................................................................859
35.1 Overview ..................................................................................................................................... 859
35.1.1 What You Can Do in this Chapter ................................................................................... 859
35.2 Routing Status ............................................................................................................................ 859
35.3 The SNAT Status Screen .............................................................................................................. 863
Chapter 36
Shutdown..........................................................................................................................................866
36.1 Overview ..................................................................................................................................... 866
36.1.1 What You Need To Know ................................................................................................. 866
36.2 The Shutdown / Reboot Screen ................................................................................................ 866
Part III: Appendices and Troubleshooting..................................................870
Chapter 37
Troubleshooting................................................................................................................................871
37.1 Resetting the Zyxel Device ........................................................................................................ 885
37.2 Getting More Troubleshooting Help .........................................................................................885
Appendix A Customer Support ..................................................................................................... 886
Appendix B Product Features........................................................................................................ 892
Appendix C Legal Information ...................................................................................................... 896
USG FLEX 50(W) Series User’s Guide
21
PART I

User’s Guide

22

1.1 Overview

Zyxel Device refers to these models as outlined below.
• USG FLEX 50 (USG20-VPN)
• USG FLEX 50W (USG20W-VPN)
1.1.1 Model Feature Differences
Note the following differences between these models:
Table 1 USG FLEX 50 Series Model Feature Comparison
FEATURE/MODEL
Microsoft Azure YES YES
Amazon VPC CLI only CLI only
Anomaly Detection & Prevention YES YES
Anti-Spam YES YES
IPS (IDP) NO NO
Anti-Malware NO NO
App Patrol NO NO
Web Security (Content Filtering) YES YES
SecuReporter YES YES
Reputation Filter (IP & DNS) NO NO
URL Threat Filter NO NO
Sandboxing NO NO
IP Exception NO NO
AP Controller NO NO
Device HA Pro NO NO
Easy Mode YES YES
Hotspot Management NO NO
Concurrent Device Upgrade NO NO
LAG NO NO
Port Group NO NO
Port Role YES YES
SD-WAN Mode NO NO
SSL Application YES YES
SSL encrypted traffic inspection YES YES

Introduction

USG FLEX 50 (USG20-VPN)
CHAPTER 1
USG FLEX 50W (USG20W-VPN)
USG FLEX 50(W) Series User’s Guide
23
Chapter 1 Introduction
Table 1 USG FLEX 50 Series Model Feature Comparison (continued)
FEATURE/MODEL
Bundled UTM Feature License Validity 1 year 1 year
WiFi functionality (built-in) NO YES
Virtual Server Load Balancing NO NO
Built-in AP NO YES
Management by Nebula Control Center (NCC) YES YES
• Not all models support all features. See Table 1 on page 23 for the specific features that your model supports.
Table 2 Security Feature List
• Application Security (Application Patrol) • Intrusion Prevention System (IPS)
• Anomaly Detection & Prevention (ADP) • Web Filtering (Content Filtering)
• Malware Blocker (Anti-Virus) • Email Security (Anti-Spam)
• Secure Socket Layer (SSL) encrypted traffic Inspection
The following security features work without a security license:
USG FLEX 50 (USG20-VPN)
USG FLEX 50W (USG20W-VPN)
• Configuration > Content Filter > Trusted Web Sites
• Configuration > Anti-Spam/Email Security > Block/Allow List
For information on interface names by model, default port or interface name mapping, and default interface or zone mapping please see
See the product’s datasheet for detailed information on a specific model.

1.2 On Premises Mode

When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. Choose On Premises Mode to manage your Zyxel Device directly using either the browser-based Web Configurator or the Command Line Interface (CLI).
Section 1.3 on page 42.
USG FLEX 50(W) Series User’s Guide
24
Chapter 1 Introduction
Figure 1 On Premises Mode
Follow the wizard to configure the Zyxel Device network settings to manage your Zyxel Device directly. Note that once you complete the device registration step and register your Zyxel Device at portal.myzyxel.com, you cannot change to Nebula Mode unless you reset the Zyxel Device.

1.3 Nebula Mode

When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. Choose Nebula Mode to manage your Zyxel Device remotely using Nebula Control Center (NCC). Select this mode if you want to configure and monitor one or more Zyxel Devices through the cloud.
Figure 2 Nebula Mode
USG FLEX 50(W) Series User’s Guide
25
Follow the wizard to configure the Zyxel Device network settings to connect to NCC. Note that once you complete th WAN configuration step, you cannot change to On Premises Mode unless you reset the Zyxel Device.
Nebula Control Center (NCC) is an Internet portal that allows you to configure and monitor groups of Zyxel Devices in organizations. You cannot manage a Zyxel Device directly through the Web Configurator or Command Line Interface (CLI) when NCC is managing the Zyxel Device. See
page 23 to see which Zyxel Devices can be managed by NCC.
Follow this procedure to have NCC manage your Zyxel Device.
1.3.1 NCC Portal
You should already have created an account at myZyxel.com. Follow these steps at the NCC portal.
1 Log into Nebula (https://nebula.zyxel.com) with your myZyxel account. If you do not have a myZyxel
account, you will be redirected to another screen to create one.
2 After you log in, click Go under Nebula Control Center and then Let’s Start to run the Nebula setup
wizard. Create an organization and a site or select an existing site.
Chapter 1 Introduction
Table 1 on
3 Add the Zyxel Device to this site by entering its MAC address and serial number. You’ll find the MAC
address and serial number of the Zyxel Device on its label or scan the QR code using the Nebula app.
4 Configure the WAN interface that the Zyxel Device will use to connect to Nebula through the Internet.
5 If you’re given a choice, select Native Mode. If you cannot select Native Mode, configure the email
address of the person who will configure the Zyxel Device for management by Nebula. An email will be sent to this person containing an activation link that allows automatic management of the Zyxel Device by Nebula (Zero Touch Provisioning (ZTP)).
1.3.2 Your Zyxel Device
The person who will configure the Zyxel Device for management by Nebula should follow this procedure.
1 Use an Ethernet cable to connect the WAN port of the Zyxel Device (P1 or P2) to the Ethernet port of a
device that will provide Internet access.
2 Use another Ethernet cable to connect the LAN port of the Zyxel Device (P3 or P4) to your computer.
Make sure your computer can receive an IP address automatically. This is the default for all computers, so the computer should be fine unless you changed it.
3 Connect the power port to an appropriate power source and turn on the Zyxel Device. Wait for the SYS
LED to turn solid green.
4 Back up your current configuration before passing management to Nebula. Log into the web
configurator, and go to Maintenance > File Manager > Configuration File. Select startup-config.conf, then click Download.
USG FLEX 50(W) Series User’s Guide
26
Chapter 1 Introduction
5 If you cannot select Native Mode, reset the Zyxel Device to the factory defaults. Push the Reset button
until the port connection LEDs turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory defaults and all previous configurations will be erased.
Skip this step if you did not configure your Zyxel Device before (including just logging in and changing the default password.). You must reset the Zyxel Device if it does not have the factory default configuration.
1.3.3 Your Email Account for ZTP
If you cannot select Native Mode in the Nebula setup wizard, do the following after the Zyxel Device is on:
1 Check your mailbox for an email from Nebula. You may need to check your spam folder
2 Follow the instructions in the email if you did not complete the instructions above. Look for an activation
link in the email. Click the activation link or copy the link to your web browser. You will see a screen saying that Nebula registration is in process. Please wait.
3 When you see a screen saying Nebula registration has succeeded, management of your Zyxel Device
has passed to Nebula Control Center. The Nebula administrator can now configure and manage your device.

1.4 Change the Mode

Follow the steps below to change your Zyxel Device from On Premises Mode to Nebula Mode or from Nebula Mode to On Premises Mode.
1.4.1 From Nebula Mode to On Premises Mode
Follow this procedure if you want to manage the Zyxel Device directly.
1 Log into Nebula (https://nebula.zyxel.com) with your myZyxel account.
2 Go to Organization-wide > Configuration > Inventory.
USG FLEX 50(W) Series User’s Guide
27
Chapter 1 Introduction
3 Select the Zyxel Device you want to remove from Nebula.
4 Click Remove.
5 Nebula will automatically reset your Zyxel Device. The Zyxel Device will reboot to the factory defaults. All
Nebula configurations for the Zyxel Device will be erased.
6 Log into the Zyxel Device. Run the wizard and choose On Premises Mode.
7 To restore your previous configuration, log into the web configurator, and go to Maintenance > File
Manager > Configuration File.
8 Under Upload Configuration File, click Browse, select the startup-config.conf on your computer that you
backed up previously and click Upload. The Zyxel Device will then return to the previous settings.
1.4.2 From On Premises Mode to Nebula Mode
1 Back up your current configuration in Maintenance > File Manager > Configuration File.
2 Reset the Zyxel Device to the factory default by pushing the Reset button until the port connection LEDs
turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory defaults.
3 Log into the Zyxel Device. Run the wizard and choose Nebula Mode.
USG FLEX 50(W) Series User’s Guide
28
Chapter 1 Introduction
4 If you have a choice of Native Mode or ZTP, select Native Mode.

1.5 Registration at myZyxel

myZyxel is Zyxel’s online services center where you can register your Zyxel Device and manage subscription services available for your Zyxel Device (see Configuration > Licensing > Registration > Service for services available for your Zyxel Device).
• For Zyxel Devices that already have firmware version 4.25 or later, you have to register your Zyxel Device and activate the corresponding service at myZyxel (through your Zyxel Device).
• For Zyxel Devices upgrading to firmware version 4.25 or later, you may skip registering your Zyxel Device and activating the corresponding service at myZyxel (through your Zyxel Device). However, it is highly recommended to at least register your Zyxel Device. At the time of writing, the Firmware Upgrade license providing Cloud Helper new firmware notifications, is free when you register your Zyxel Device.
Note: You need to create a myZyxel account at http://portal.myZyxel.com before you can
register your device and activate the services at myZyxel.
You may need your Zyxel Device’s serial number and LAN MAC address to register it at myZyxel. See the label at the back of the Zyxel Device’s for details.
USG FLEX 50(W) Series User’s Guide
29
Figure 3 myZyxel Login
1.5.1 Applications
These are some Zyxel Device application scenarios.
Chapter 1 Introduction
Security Router
Security includes a Stateful Packet Inspection (SPI) firewall.
Figure 4 Applications: Security Router Applications: Security Router
IPv6 Routing
The Zyxel Device supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The Zyxel Device can also route IPv6 packets through IPv4 networks using different tunneling methods.
USG FLEX 50(W) Series User’s Guide
30
Loading...
+ 889 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use