Zyxel USG FLEX 700, USG FLEX 100W, USG FLEX 200, USG FLEX 500, USG FLEX 100 User's Guide

ZyWALL USG FLEX Series
User’s Guide

Default Login Details
Login IP Address: https://(IP assigned by NCC) or https://192.168.1.1
User Name: admin
Password: 1234
Version 5.35 Edition 1, 1/2023
Copyright © 2023 Zyxel and/or its affiliates. All rights reserved.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in product features or web configurator brand style. Every effort has been made to ensure that the information in this manual is accurate.
Note: The version number on the cover page refers to the Zyxel Device’s latest firmware version to which this User’s Guide applies.
Related Documentation
• Quick Start Guide: The Quick Start Guide shows how to connect the Zyxel Device and access the Web Configurator wizards. (See the wizard real time help for information on configuring each screen.) It also contains a connection diagram and package contents list.
• CLI Reference Guide: The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the Zyxel Device.
Note: It is recommended you use the Web Configurator to configure the Zyxel Device.
• Web Configurator Online Help: Click the help icon in any screen for help in configuring that screen and supplementary information.
• More Information: Go to support.zyxel.com to find other information on Zyxel Device.
USG FLEX Series User’s Guide
2

Document Conventions
Warnings and Notes
Warnings and notes are shown in this guide as follows.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
• All models in this series may be referred to as the “Zyxel Device” in this guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Configuration > Network > Interface > Ethernet means you first click Configuration in the navigation panel, then Network, then the Interface sub menu and finally the Ethernet tab to get to that screen.
Icons Used in Figures
Figures in this user guide may use the following generic icons. The Zyxel Device icon is not an exact representation of your device.
Icons shown: Zyxel Device, Generic Router, Wireless Router / Access Point, Switch, Firewall, Server, Internet, Network Cloud, Smartphone, USB Dongle.

Contents Overview
Introduction
Initial Setup Wizard
Hardware, Interfaces and Zones
Quick Setup Wizards
Dashboard
Monitor
Licensing
Interfaces
Routing
DDNS
NAT
Redirect Service
Wireless
ALG
UPnP
IP/MAC Binding
Layer 2 Isolation
DNS Inbound LB
IPSec VPN
SSL VPN
L2TP VPN
Remote AP VPN
BWM (Bandwidth Management)
Web Authentication
Hotspot
Printer Manager
Free Time
IPnP
Walled Garden
Advertisement Screen
Security Policy
Application Patrol
Content Filter
Anti-Malware
Reputation Filter
IPS
Sandboxing
Email Security
Collaborative Detection & Response
SSL Inspection
IP Exception
Astra Cloud Security
Object
Device HA
Mgmt. & Analytics
System
Log and Report
File Manager
Diagnostics
Packet Flow Explore
Shutdown
Troubleshooting

Table of Contents
Document Conventions
Contents Overview
Table of Contents
Part I: User’s Guide
Chapter 1: Introduction
1.1 Overview
1.1.1 Model Feature Differences
1.2 On Premises Mode
1.3 Nebula Mode
1.3.1 NCC Portal
1.3.2 Your Zyxel Device
1.3.3 Your Email Account for ZTP
1.4 Change the Mode
1.4.1 From Nebula Mode to On Premises Mode
1.4.2 From On Premises Mode to Nebula Mode
1.5 Registration at myZyxel
1.5.1 Grace Period
1.5.2 Applications
1.6 Management Overview
1.7 Web Configurator
1.7.1 Web Configurator Access
1.7.2 Security Check for Web Interface Overview
1.7.3 The Security Check for Web Interface Screen
1.7.4 Remote Access to the Zyxel Device Networks
1.7.5 Web Configurator Screens Overview
1.7.6 Navigation Panel
1.7.7 Tables and Lists
Chapter 2: Initial Setup Wizard
2.1 Initial Setup Wizard: Select Management Mode
2.1.1 Welcome Screen
2.1.2 Internet Access Setup - WAN Interface
2.1.3 Internet Access: Ethernet
2.1.4 Internet Access: PPPoE
2.1.5 Internet Access: PPTP
2.1.6 Internet Access: L2TP
2.1.7 Internet Access Setup - Second WAN Interface
2.1.8 Internet Access: Congratulations
2.1.9 Date and Time Settings
2.1.10 Register Device
2.1.11 Activate Service
2.1.12 Service Settings
2.1.13 Service Settings: SecuReporter
2.1.14 Wireless Settings: Management Mode
2.1.15 Wireless Settings: AP Controller
2.1.16 Wireless Settings: SSID & Security
2.1.17 Remote Management
2.2 Nebula Mode Initial Setup Wizard
2.2.1 Connect to Internet (WAN)
2.2.2 Internet Access: Ethernet
2.2.3 Internet Access: PPPoE
2.2.4 Internet Access: Congratulations
2.2.5 QR Code
Chapter 3: Hardware, Interfaces and Zones
3.1 Hardware Overview
3.1.1 Front Panels
3.1.2 Rear Panels
3.2 Installation Scenarios
3.2.1 Desktop Installation Procedure
3.2.2 Rack-mounting
3.2.3 Wall-mounting
3.3 Default Zones, Interfaces, and Ports
3.4 Stopping the Zyxel Device
Chapter 4: Quick Setup Wizards
4.1 Quick Setup Overview
4.2 WAN Interface Quick Setup
4.2.1 Choose an Ethernet Interface
4.2.2 Select WAN Type
4.2.3 Configure WAN IP Settings
4.2.4 ISP and WAN and ISP Connection Settings
4.2.5 Quick Setup Interface Wizard: Summary
4.3 Remote Access VPN Setup-Scenario
4.3.1 IKEv2 IPSec Client- VPN Configuration
4.3.2 IKEv2 IPSec Client- User Authentication
4.3.3 IKEv2 IPSec Client- Summary
4.3.4 IKEv2 IPSec Client-Config Provision
4.3.5 L2TP over IPSec Client-VPN Configuration
4.3.6 L2TP over IPSec Client- User Authentication
4.3.7 L2TP over IPSec Client- Summary
4.3.8 L2TP over IPSec Client-Config Provision
4.4 VPN Setup Wizard
4.4.1 Welcome
4.4.2 VPN Setup Wizard: Wizard Type
4.4.3 VPN Express Wizard - Scenario
4.4.4 VPN Express Wizard - Configuration
4.4.5 VPN Express Wizard - Summary
4.4.6 VPN Express Wizard - Finish
4.4.7 VPN Advanced Wizard - Scenario
4.4.8 VPN Advanced Wizard - Phase 1 Settings
4.4.9 VPN Advanced Wizard - Phase 2
4.4.10 VPN Advanced Wizard - Summary
4.4.11 VPN Advanced Wizard - Finish
4.5 VPN Settings for Configuration Provisioning Wizard: Wizard Type
4.5.1 Configuration Provisioning Express Wizard - VPN Settings
4.5.2 Configuration Provisioning VPN Express Wizard - Configuration
4.5.3 VPN Settings for Configuration Provisioning Express Wizard - Summary
4.5.4 VPN Settings for Configuration Provisioning Express Wizard - Finish
4.5.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario
4.5.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings
4.5.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2
4.5.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary
4.5.9 VPN Settings for Configuration Provisioning Advanced Wizard - Finish
4.6 VPN Settings for L2TP VPN Settings Wizard
4.6.1 L2TP VPN Settings
4.6.2 L2TP VPN Settings
4.6.3 VPN Settings for L2TP VPN Setting Wizard - Summary
4.6.4 VPN Settings for L2TP VPN Setting Wizard - Completed
4.7 Wireless Setup Wizard
4.7.1 Management Mode
4.7.2 SSID
4.7.3 Radio
4.7.4 Summary
4.7.5 Wizard Completed
Chapter 5: Dashboard
5.1 Overview
5.1.1 What You Can Do in this Chapter
5.2 The General Screen
5.2.1 Device Information Screen
5.2.2 System Status Screen
5.2.3 Tx/Rx Statistics
5.2.4 The Latest Logs Screen
5.2.5 System Resources Screen
5.2.6 DHCP Table Screen
5.2.7 Number of Login Users Screen
5.2.8 Current Login User
5.2.9 VPN Status
5.2.10 SSL VPN Status
5.3 The Advanced Threat Protection Screen
Part II: Technical Reference
Chapter 6: Monitor
6.1 Overview
6.1.1 What You Can Do in this Chapter
6.2 The Port Statistics Screen
6.2.1 The Port Statistics Graph Screen
6.3 Interface Status Screen
6.4 The Traffic Statistics Screen
6.5 The Session Monitor Screen
6.6 The DHCP Table Screen
6.7 The Device Insight Screen
6.7.1 The Device Insight Edit Screen
6.7.2 The Device Insight Feedback Screen
6.8 The Login Users Screen
6.9 Dynamic Guest
6.10 IGMP Statistics
6.11 The DDNS Status Screen
6.12 IP/MAC Binding
6.13 Cellular Status Screen
6.13.1 More Information
6.14 The UPnP Port Status Screen
6.15 USB Storage Screen
6.16 Ethernet Neighbor Screen ........................................................................................................ 189
6.17 FQDN Object Screen ................................................................................................................ 190
6.18 Virtual Server Load Balancing .................................................................................................. 192
6.19 AP Information: AP List ............................................................................................................... 193
6.19.1 AP List: More Information ................................................................................................ 198
6.19.2 AP List: Edit AP ................................................................................................................... 200
6.20 AP Information: Radio List .......................................................................................................... 204
6.20.1 Radio List: More Information ............................................................................................ 206
6.21 AP Information: Built-in AP ........................................................................................................ 207
6.22 AP Information: Top N APs ........................................................................................................ 208
6.23 AP Information: Single AP .......................................................................................................... 209
6.24 ZyMesh ......................................................................................................................................... 210
6.25 SSID Info ....................................................................................................................................... 211
6.26 Station Info: Station List .............................................................................................................. 212
6.27 Station Info: Top N Stations ........................................................................................................ 214
6.28 Station Info: Single Station ......................................................................................................... 215
6.29 Detected Device ....................................................................................................................... 216
6.30 Wireless Health ............................................................................................................................ 218
6.31 The Printer Status Screen ........................................................................................................... 219
6.32 The IPSec Screen ........................................................................................................................ 219
6.32.1 Regular Expressions in Searching IPSec SAs ................................................................... 221
6.33 The SSL Screen ............................................................................................................................. 221
6.34 The L2TP over IPSec Screen ....................................................................................................... 222
6.35 The Remote AP VPN Screen ...................................................................................................... 223
6.36 The App Patrol Screen ............................................................................................................... 224
6.37 The Content Filter Screen .......................................................................................................... 225
6.37.1 Web Content Filter ............................................................................................................ 225
6.37.2 DNS Content Filter ............................................................................................................. 226
6.38 The Anti-Malware Screen .......................................................................................................... 228
6.39 The Reputation Filter Screen ...................................................................................................... 230
6.39.1 IP Reputation ..................................................................................................................... 230
6.39.2 DNS Threat Filter ................................................................................................................. 232
6.39.3 URL Threat Filter .................................................................................................................. 233
6.40 The IPS Screen ............................................................................................................................. 234
6.41 Sandboxing ................................................................................................................................ 237
6.42 The Email Security Screens ......................................................................................................... 238
6.42.1 Email Security Summary ................................................................................................... 238
6.42.2 The Email Security Status Screen ..................................................................................... 240
6.43 Collaborative Detection & Response (CDR) ........................................................................... 242
6.43.1 CDR History ........................................................................................................................ 243
6.44 The SSL Inspection Screens ........................................................................................................ 244
6.44.1 Certificate Cache List ....................................................................................................... 245
6.45 Log Screens ................................................................................................................................. 246
6.45.1 View Log ............................................................................................................................ 247
6.45.2 View AP Log ....................................................................................................................... 248
6.45.3 Dynamic Users Log ............................................................................................................ 250
Chapter 7
Licensing...........................................................................................................................................252
7.1 Registration Overview .................................................................................................................. 252
7.1.1 What you Need to Know .................................................................................................... 252
7.1.2 UTM Bundled License and Gold Pack License ................................................................ 252
7.1.3 Registration Screen ............................................................................................................. 255
7.1.4 Service Screen ..................................................................................................................... 255
7.2 Signature Update ......................................................................................................................... 257
7.2.1 What you Need to Know .................................................................................................... 257
7.2.2 The Signature Screen .......................................................................................................... 258
7.2.3 Auto Update ........................................................................................................................ 258
Chapter 8
Interfaces..........................................................................................................................................260
8.1 Interface Overview ...................................................................................................................... 260
8.1.1 What You Can Do in this Chapter ..................................................................................... 260
8.1.2 What You Need to Know ................................................................................................... 261
8.1.3 What You Need to Do First ................................................................................................. 265
8.2 Port Role ......................................................................................................................................... 265
8.3 Port Group ..................................................................................................................................... 266
8.4 Port Configuration ........................................................................................................................ 267
8.5 Ethernet Summary Screen ........................................................................................................... 269
8.5.1 Ethernet Edit ........................................................................................................................ 271
8.5.2 Proxy ARP ............................................................................................................................. 287
8.5.3 Virtual Interfaces ................................................................................................................ 288
8.5.4 References ........................................................................................................................... 290
8.5.5 Add/Edit DHCPv6 Request/Release Options ................................................................... 290
8.5.6 Add/Edit DHCP Extended Options ................................................................................... 291
8.6 PPP Interfaces ............................................................................................................................... 293
8.6.1 PPP Interface Summary ...................................................................................................... 293
8.6.2 PPP Interface Add or Edit .................................................................................................. 295
8.7 Cellular Configuration Screen ..................................................................................................... 300
8.7.1 Cellular Choose Slot ........................................................................................................... 303
8.7.2 Add / Edit Cellular Configuration ...................................................................................... 303
8.8 Tunnel Interfaces .......................................................................................................................... 309
8.8.1 Configuring a Tunnel .......................................................................................................... 311
8.8.2 Tunnel Add or Edit Screen .................................................................................................. 312
8.9 VLAN Interfaces ........................................................................................................................... 316
8.9.1 VLAN Summary Screen ....................................................................................................... 317
8.9.2 VLAN Add/Edit ................................................................................................................... 318
8.10 Bridge Interfaces ........................................................................................................................ 330
8.10.1 Bridge Summary ................................................................................................................ 331
8.10.2 Bridge Add/Edit ................................................................................................................ 333
8.11 LAG .............................................................................................................................................. 343
8.11.1 Available Interfaces for LAG ........................................................................................... 344
8.11.2 LAG Summary Screen ....................................................................................................... 344
8.11.3 LAG Add/Edit ................................................................................................................... 345
8.12 VTI ................................................................................................................................................. 355
8.12.1 Restrictions for IPSec Virtual Tunnel Interface ................................................................ 355
8.12.2 VTI Screen .......................................................................................................................... 356
8.12.3 VTI Add/Edit ....................................................................................................................... 356
8.13 Trunk Overview ........................................................................................................................... 360
8.13.1 What You Need to Know ................................................................................................. 360
8.14 The Trunk Summary Screen ........................................................................................................ 363
8.14.1 Configuring a User-Defined Trunk ................................................................................... 364
8.14.2 Configuring the System Default Trunk ............................................................................ 366
8.15 Interface Technical Reference ................................................................................................. 367
Chapter 9
Routing..............................................................................................................................................372
9.1 Policy and Static Routes Overview ............................................................................................. 372
9.1.1 What You Can Do in this Chapter ..................................................................................... 372
9.1.2 What You Need to Know .................................................................................................. 373
9.2 Policy Route Screen ..................................................................................................................... 374
9.2.1 Policy Route Edit Screen .................................................................................................... 376
9.3 IP Static Route Screen .................................................................................................................. 381
9.3.1 Static Route Add/Edit Screen ............................................................................................ 381
9.4 Policy Routing Technical Reference .......................................................................................... 383
9.5 Routing Protocols Overview ....................................................................................................... 383
9.5.1 What You Need to Know ................................................................................................... 384
9.6 The RIP Screen ............................................................................................................................... 384
9.7 The OSPF Screen ........................................................................................................................... 386
9.7.1 Configuring the OSPF Screen ............................................................................................ 389
9.7.2 OSPF Area Add/Edit Screen ............................................................................................. 390
9.7.3 Virtual Link Add/Edit Screen ............................................................................................. 392
9.8 BGP (Border Gateway Protocol) ................................................................................................ 393
9.8.1 Allow BGP Packets to Enter the Zyxel Device .................................................................. 394
9.8.2 Configuring the BGP Screen .............................................................................................. 394
9.8.3 The BGP Neighbors Screen ................................................................................................ 396
9.8.4 Example Scenario ............................................................................................................... 397
Chapter 10
DDNS ................................................................................................................................................399
10.1 DDNS Overview ........................................................................................................................... 399
10.1.1 What You Can Do in this Chapter ................................................................................... 399
10.1.2 What You Need to Know ................................................................................................. 399
10.2 The DDNS Screen ........................................................................................................................ 400
10.2.1 The Dynamic DNS Add/Edit Screen ................................................................................ 401
Chapter 11
NAT....................................................................................................................................................405
11.1 Overview ..................................................................................................................................... 405
11.2 NAT Overview ............................................................................................................................. 405
11.2.1 What You Can Do in this Chapter ................................................................................... 405
11.2.2 What You Need to Know ................................................................................................. 406
11.3 The NAT Screen ........................................................................................................................... 407
11.3.1 The NAT Add/Edit Screen ................................................................................................. 408
11.4 NAT Technical Reference .......................................................................................................... 411
11.5 Virtual Server Load Balancing ................................................................................................... 413
11.5.1 Load Balancing Example 1 .............................................................................................. 413
11.5.2 Load Balancing Example 2 .............................................................................................. 414
11.5.3 Virtual Server Load Balancing Process ........................................................................... 415
11.5.4 Load Balancing Rules ....................................................................................................... 416
11.5.5 Virtual Server Load Balancing Algorithms ...................................................................... 417
11.6 The Virtual Server Load Balancer Screen ................................................................................. 418
11.6.1 Adding/Editing a Virtual Server Load Balancing Rule .................................................. 418
Chapter 12
Redirect Service...............................................................................................................................423
12.1 Overview ..................................................................................................................................... 423
12.1.1 HTTP Redirect ..................................................................................................................... 423
12.1.2 SMTP Redirect .................................................................................................................... 423
12.1.3 What You Can Do in this Chapter ................................................................................... 424
12.1.4 What You Need to Know ................................................................................................. 424
12.2 The Redirect Service Screen ..................................................................................................... 426
12.2.1 The Redirect Service Edit Screen ..................................................................................... 427
Chapter 13
Wireless.............................................................................................................................................429
13.1 Overview ..................................................................................................................................... 429
13.1.1 What You Can Do in this Chapter ................................................................................... 429
13.1.2 What You Need to Know ................................................................................................. 429
13.2 Built-in AP .................................................................................................................................... 431
13.2.1 Wireless > Built-in AP > General >Add/Edit SSID ............................................................. 432
13.2.2 Wireless > Built-in AP > Radio ............................................................................................ 436
13.3 Controller Screen ....................................................................................................................... 442
13.3.1 Connecting an AP to the Zyxel Device .......................................................................... 443
13.3.2 Connecting an AP to the Zyxel Device Manually ......................................................... 443
13.3.3 Connecting an AP to the Zyxel Device Using DHCP Option 138 ................................ 443
13.4 AP Management Screens ......................................................................................................... 444
13.4.1 Mgnt. AP List ..................................................................................................................... 444
13.4.2 AP Policy ............................................................................................................................ 460
13.4.3 AP Group ........................................................................................................................... 461
13.4.4 Firmware ............................................................................................................................. 467
13.5 Rogue AP ..................................................................................................................................... 469
13.5.1 Add/Edit Rogue/Friendly List ............................................................................................ 471
13.6 Wireless Health ............................................................................................................................ 472
13.7 Auto Healing ............................................................................................................................... 473
13.8 RTLS Overview ............................................................................................................................. 474
13.8.1 What You Can Do in this Chapter ................................................................................... 475
13.8.2 Before You Begin ............................................................................................................... 475
13.8.3 Configuring RTLS ................................................................................................................ 476
13.9 Technical Reference .................................................................................................................. 476
13.9.1 Dynamic Channel Selection ............................................................................................ 476
13.9.2 Load Balancing ................................................................................................................. 478
Chapter 14
ALG....................................................................................................................................................479
14.1 ALG Overview ............................................................................................................................. 479
14.1.1 What You Need to Know ................................................................................................. 479
14.1.2 Before You Begin ............................................................................................................... 482
14.2 The ALG Screen .......................................................................................................................... 482
14.3 ALG Technical Reference ......................................................................................................... 484
Chapter 15
UPnP...................................................................................................................................................486
15.1 UPnP and NAT-PMP Overview ................................................................................................... 486
15.2 What You Need to Know ........................................................................................................... 486
15.2.1 NAT Traversal ..................................................................................................................... 486
15.2.2 Cautions with UPnP and NAT-PMP .................................................................................. 487
15.3 UPnP Screen ................................................................................................................................ 487
15.4 Technical Reference .................................................................................................................. 488
15.4.1 Turning on UPnP in Windows 7 Example ......................................................................... 488
15.4.2 Turn on UPnP in Windows 10 Example ............................................................................ 492
15.4.3 Auto-discover Your UPnP-enabled Network Device .................................................... 494
15.4.4 Web Configurator Easy Access in Windows 7 ............................................................... 497
15.4.5 Web Configurator Easy Access in Windows 10 ............................................................. 499
Chapter 16
IP/MAC Binding................................................................................................................................501
16.1 IP/MAC Binding Overview ......................................................................................................... 501
16.1.1 What You Can Do in this Chapter ................................................................................... 501
16.1.2 What You Need to Know ................................................................................................. 501
16.2 IP/MAC Binding Summary ......................................................................................................... 502
16.2.1 IP/MAC Binding Edit .......................................................................................................... 503
16.2.2 Static DHCP Edit ................................................................................................................ 504
16.3 IP/MAC Binding Exempt List ....................................................................................................... 505
Chapter 17
Layer 2 Isolation...............................................................................................................................506
17.1 Overview ..................................................................................................................................... 506
17.1.1 What You Can Do in this Chapter ................................................................................... 506
17.2 Layer-2 Isolation General Screen ............................................................................................. 506
17.3 Allow List Screen ......................................................................................................................... 507
17.3.1 Add/Edit Allow List Rule ................................................................................................... 508
Chapter 18
DNS Inbound LB................................................................................................................................510
18.1 DNS Inbound Load Balancing Overview ................................................................................. 510
18.1.1 What You Can Do in this Chapter ................................................................................... 510
18.2 The DNS Inbound LB Screen ...................................................................................................... 511
18.2.1 The DNS Inbound LB Add/Edit Screen ............................................................................ 512
18.2.2 The DNS Inbound LB Add/Edit Member Screen ............................................................ 514
Chapter 19
IPSec VPN .........................................................................................................................................516
19.1 Virtual Private Networks (VPN) Overview ................................................................................. 516
19.1.1 What You Can Do in this Chapter ................................................................................... 518
19.1.2 What You Need to Know ................................................................................................. 518
19.1.3 Before You Begin ............................................................................................................... 521
19.2 The VPN Connection Screen ..................................................................................................... 521
19.2.1 The VPN Connection Add/Edit Screen .......................................................................... 523
19.3 The VPN Gateway Screen ......................................................................................................... 530
19.3.1 The VPN Gateway Add/Edit Screen ............................................................................... 532
19.4 VPN Concentrator ..................................................................................................................... 539
19.4.1 VPN Concentrator Requirements and Suggestions ...................................................... 540
19.4.2 VPN Concentrator Screen ............................................................................................... 540
19.4.3 The VPN Concentrator Add/Edit Screen ........................................................................ 541
19.5 Zyxel Device IPSec VPN Client Configuration Provisioning .................................................... 542
19.6 IPSec VPN Background Information ......................................................................................... 544
Chapter 20
SSL VPN..............................................................................................................................................554
20.1 Overview ..................................................................................................................................... 554
20.1.1 What You Can Do in this Chapter ................................................................................... 554
20.1.2 What You Need to Know ................................................................................................. 554
20.2 The SSL Access Privilege Screen ................................................................................................ 555
20.2.1 The SSL Access Privilege Policy Add/Edit Screen ......................................................... 556
20.3 The SSL Global Setting Screen ................................................................................................... 558
Chapter 21
L2TP VPN............................................................................................................................................560
21.1 Overview ..................................................................................................................................... 560
21.1.1 What You Can Do in this Chapter ................................................................................... 560
21.1.2 What You Need to Know ................................................................................................. 560
21.2 L2TP VPN Screen ......................................................................................................................... 561
21.2.1 Example: L2TP and Zyxel Device Behind a NAT Router ................................................ 563
Chapter 22
Remote AP VPN................................................................................................................................566
22.1 Overview ..................................................................................................................................... 566
22.2 Configuring a Remote AP ......................................................................................................... 567
22.3 Remote AP VPN Screen ............................................................................................................. 571
Chapter 23
BWM (Bandwidth Management) .................................................................................................572
23.1 Overview ..................................................................................................................................... 572
23.1.1 What You Can Do in this Chapter ................................................................................... 572
23.1.2 What You Need to Know ................................................................................................ 572
23.2 The Bandwidth Management Configuration .......................................................................... 576
23.2.1 The Bandwidth Management Add/Edit Screen ............................................................ 579
Chapter 24
Web Authentication ........................................................................................................................589
24.1 Web Auth Overview ................................................................................................................... 589
24.1.1 What You Can Do in this Chapter ................................................................................... 589
24.1.2 What You Need to Know ................................................................................................. 590
24.2 Web Authentication General Screen ...................................................................................... 590
24.2.1 User-aware Access Control Example ............................................................................. 596
24.2.2 Authentication Type Screen ............................................................................................ 602
24.2.3 Custom Web Portal / User Agreement File Screen ....................................................... 606
24.2.4 Facebook Wi-Fi Screen ..................................................................................................... 607
Chapter 25
Hotspot..............................................................................................................................................612
25.1 Overview ..................................................................................................................................... 612
25.2 Billing Overview ........................................................................................................................... 612
25.2.1 What You Need to Know ................................................................................................. 612
25.3 The Billing > General Screen ...................................................................................................... 613
25.4 The Billing > Billing Profile Screen ............................................................................................... 615
25.4.1 The Account Generator Screen ...................................................................................... 616
25.4.2 The Account Redeem Screen ......................................................................................... 619
25.4.3 The Billing Profile Add/Edit Screen ................................................................................... 621
25.5 The Billing > Discount Screen ..................................................................................................... 622
25.5.1 The Discount Add/Edit Screen ......................................................................................... 624
25.6 The Billing > Payment Service Screen ....................................................................................... 624
25.6.1 The Payment Service > Desktop / Mobile View Screen ............................................... 626
Chapter 26
Printer Manager ...............................................................................................................................630
26.1 Printer Manager Overview ........................................................................................................ 630
26.1.1 What You Can Do in this Chapter ................................................................................... 630
26.2 The Printer Manager > General Screen ................................................................................... 630
26.2.1 Add Printer Rule ................................................................................................................. 633
26.2.2 Edit Printer Rule .................................................................................................................. 633
26.2.3 Discover Printer ................................................................................................................. 634
26.2.4 Edit Printer Manager (Discover Printer) .......................................................................... 636
26.3 The Printout Configuration Screen ............................................................................................ 637
26.4 Printer Reports Overview ........................................................................................................... 638
26.4.1 Key Combinations ............................................................................................................. 638
26.4.2 Daily Account Summary .................................................................................................. 638
26.4.3 Monthly Account Summary ............................................................................................. 639
26.4.4 Account Report Notes ..................................................................................................... 639
26.4.5 System Status ..................................................................................................................... 640
Chapter 27
Free Time...........................................................................................................................................642
27.1 Free Time Overview ................................................................................................................... 642
27.1.1 What You Can Do in this Chapter ................................................................................... 642
27.2 The Free Time Screen ................................................................................................................. 642
Chapter 28
IPnP....................................................................................................................................................647
28.1 IPnP Overview ............................................................................................................................ 647
28.1.1 What You Can Do in this Chapter ................................................................................... 647
28.1.2 IPnP Screen ........................................................................................................................ 648
Chapter 29
Walled Garden..................................................................................................................................650
29.1 Walled Garden Overview ........................................................................................................ 650
29.2 Walled Garden > General Screen ........................................................................................... 650
29.3 Walled Garden > URL Base Screen .......................................................................................... 651
29.3.1 Adding/Editing a Walled Garden URL ........................................................................... 652
29.4 Walled Garden > Domain/IP Base Screen .............................................................................. 653
29.4.1 Adding/Editing a Walled Garden Domain or IP ........................................................... 654
29.4.2 Walled Garden Login Example ....................................................................................... 654
Chapter 30
Advertisement Screen.....................................................................................................................656
30.1 Advertisement Overview ........................................................................................................... 656
30.1.1 Adding/Editing an Advertisement URL .......................................................................... 657
Chapter 31
Security Policy..................................................................................................................................659
31.1 Overview ..................................................................................................................................... 659
31.2 One Security ................................................................................................................................ 660
31.3 What You Can Do in this Chapter ............................................................................................ 663
31.3.1 What You Need to Know ................................................................................................. 663
31.4 The Security Policy Screen ......................................................................................................... 665
31.4.1 Configuring the Security Policy Control Screen ............................................................ 666
31.4.2 The Security Check for Web Interface Screen .............................................................. 669
31.4.3 The Security Policy Control Add/Edit Screen ................................................................. 671
31.5 Anomaly Detection and Prevention Overview ...................................................................... 673
31.5.1 The Anomaly Detection and Prevention General Screen ........................................... 673
31.5.2 Creating New ADP Profiles .............................................................................................. 675
31.5.3 Traffic Anomaly Profiles ................................................................................................... 677
31.5.4 Protocol Anomaly Profiles ................................................................................................ 679
31.5.5 The ADP Allow List Screen ................................................................................................ 683
31.5.6 Creating New ADP Allow List Rule ................................................................................... 684
31.6 The Session Control Screen ........................................................................................................ 684
31.6.1 The Session Control Add/Edit Screen .............................................................................. 686
31.7 Security Policy Example Applications ...................................................................................... 687
Chapter 32
Application Patrol............................................................................................................................690
32.1 Overview ..................................................................................................................................... 690
32.1.1 What You Can Do in this Chapter ................................................................................... 690
32.1.2 What You Need to Know ................................................................................................ 690
32.2 Application Patrol Profile ........................................................................................................... 691
32.2.1 Profile Action: Apply to a Security Policy ....................................................................... 692
32.2.2 Application Patrol Profile > Add/Edit - My Application ............................................... 695
32.2.3 Application Patrol Profile > Add/Edit - Query Result ..................................................... 696
Chapter 33
Content Filter ....................................................................................................................................699
33.1 Overview ..................................................................................................................................... 699
33.1.1 What You Can Do in this Chapter ................................................................................... 699
33.1.2 What You Need to Know ................................................................................................. 699
33.1.3 Before You Begin ............................................................................................................... 701
33.2 Web Content Filter General Screen ......................................................................................... 702
33.2.1 Apply to a Security Policy ................................................................................................ 703
33.2.2 Web Content Filter Add Category Service .................................................................... 706
33.2.3 Content Filter Add Filter Profile Custom Service ........................................................... 719
33.3 Web Content Filter Trusted Web Sites Screen ........................................................................ 722
33.4 Web Content Filter Forbidden Web Sites Screen ................................................................... 723
33.5 DNS Content Filter General Screen .......................................................................................... 724
33.5.1 DNS Content Filter Add Profile ......................................................................................... 726
33.6 DNS Content Filter Allow List Screen ......................................................................................... 738
33.7 DNS Content Filter Block List Screen ......................................................................................... 739
33.8 Content Filter Technical Reference ......................................................................................... 739
Chapter 34
Anti-Malware....................................................................................................................................741
34.1 Overview ..................................................................................................................................... 741
34.1.1 What You Can Do in this Chapter ................................................................................... 745
34.2 Anti-Malware Screen ................................................................................................................. 746
34.3 The Allow List Screen .................................................................................................................. 750
34.4 The Block List Screen .................................................................................................................. 751
34.5 Anti-Malware Signature Searching ........................................................................................... 752
34.6 Anti-Malware Profile ................................................................................................................... 753
34.6.1 Add or Edit an Anti-Malware Profile ............................................................................... 754
34.6.2 Link a Profile ....................................................................................................................... 756
34.6.3 Anti-Malware Advance Screen ...................................................................................... 757
34.6.4 Remove Profiles ................................................................................................................. 759
34.7 Anti-Malware Technical Reference ......................................................................................... 760
Chapter 35
Reputation Filter ...............................................................................................................................762
35.1 Overview ..................................................................................................................................... 762
35.1.1 What You Need to Know ................................................................................................. 762
35.1.2 What You Can Do in this Chapter ................................................................................... 762
35.2 IP Reputation Screen .................................................................................................................. 763
35.2.1 IP Reputation Allow List Screen ........................................................................................ 766
35.2.2 IP Reputation Block List Screen ........................................................................................ 767
35.2.3 IP Reputation External Block List Screen ......................................................................... 768
35.2.4 IP Reputation External Block List Screen Add/Edit ........................................................ 769
35.3 DNS Threat Filter Screen ............................................................................................................. 770
35.3.1 DNS Threat Filter Allow List Screen ................................................................................... 773
35.3.2 DNS Threat Filter Block List Screen ................................................................................... 774
35.4 DNS Threat Filter Profile ............................................................................................................... 776
35.4.1 Add or Edit a DNS Threat Filter Profile ............................................................................. 777
35.4.2 Link a Profile ....................................................................................................................... 778
35.4.3 DNS Threat Filter Advance Screen .................................................................................. 779
35.4.4 Remove Profiles ................................................................................................................. 781
35.5 URL Threat Filter Screen .............................................................................................................. 782
35.5.1 URL Threat Filter Allow List Screen .................................................................................... 784
35.5.2 URL Threat Filter Block List Screen .................................................................................... 785
35.5.3 URL Threat Filter External Block List Screen ..................................................................... 786
35.6 URL Threat Filter Profile ................................................................................................................ 788
35.6.1 Add or Edit a URL Threat Filter Profile .............................................................................. 789
35.6.2 Link a Profile ....................................................................................................................... 791
35.6.3 URL Threat Filter Advance Screen ................................................................................... 791
35.6.4 Remove Profiles ................................................................................................................. 793
Chapter 36
IPS......................................................................................................................................................794
36.1 Overview ..................................................................................................................................... 794
36.1.1 What You Can Do in this Chapter ................................................................................... 794
36.1.2 What You Need To Know ................................................................................................. 794
36.1.3 Before You Begin ............................................................................................................... 795
36.2 The IPS Screen ............................................................................................................................. 795
36.2.1 Query Example .................................................................................................................. 802
36.3 IPS Custom Signatures ............................................................................................................... 803
36.3.1 Add / Edit Custom Signatures ......................................................................................... 804
36.3.2 Custom Signature Example ............................................................................................. 808
36.3.3 Applying Custom Signatures ............................................................................................ 810
36.3.4 Verifying Custom Signatures ............................................................................................ 811
36.4 The Allow List Screen ................................................................................................................. 811
36.5 IPS Profile ...................................................................................................................................... 812
36.5.1 Add or Edit an IPS Profile .................................................................................................. 813
36.5.2 Link a Profile ....................................................................................................................... 815
36.5.3 The IPS Advance Screen .................................................................................................. 816
36.5.4 Remove Profiles ................................................................................................................. 817
36.6 IPS Technical Reference ............................................................................................................ 818
Chapter 37
Sandboxing ......................................................................................................................................821
37.1 Overview ..................................................................................................................................... 821
37.1.1 What You Need to Know ................................................................................................. 822
37.2 Sandboxing Screen .................................................................................................................... 822
Chapter 38
Email Security...................................................................................................................................825
38.1 Overview ..................................................................................................................................... 825
38.1.1 What You Can Do in this Chapter ................................................................................... 825
38.1.2 What You Need to Know ................................................................................................. 825
38.2 Before You Begin ........................................................................................................................ 826
38.3 The Email Security Screen ......................................................................................................... 827
38.4 The Allow List Screen .................................................................................................................. 829
38.5 The Block List Screen .................................................................................................................. 830
38.5.1 The Block or Allow List Add/Edit Screen ......................................................................... 831
38.5.2 Regular Expressions in Block or Allow List Entries ............................................................ 833
38.6 Email Security Profile ................................................................................................................... 833
38.6.1 Add or Edit Email Security Profile ..................................................................................... 834
38.6.2 Link a Profile ....................................................................................................................... 836
38.6.3 The Email Security Advance Screen .............................................................................. 837
38.6.4 Remove Profiles ................................................................................................................. 840
38.7 Email Security Technical Reference ......................................................................................... 840
Chapter 39
Collaborative Detection & Response.............................................................................................844
39.1 Overview ..................................................................................................................................... 844
39.1.1 What You Can Do in this Chapter ................................................................................... 845
39.2 Before You Begin ........................................................................................................................ 845
39.3 The Collaborative Detection & Response Screen ................................................................. 847
39.3.1 Add VLAN ......................................................................................................................... 849
39.4 The Exempt List Screen ............................................................................................................... 856
Chapter 40
SSL Inspection...................................................................................................................................858
40.1 Overview ..................................................................................................................................... 858
40.1.1 What You Can Do in this Chapter ................................................................................... 858
40.1.2 What You Need To Know ................................................................................................. 859
40.1.3 What You Can Do in this Chapter ................................................................................... 859
40.1.4 Before You Begin ............................................................................................................... 859
40.2 The SSL Inspection Profile Screen .............................................................................................. 859
40.2.1 Apply to a Security Policy ................................................................................................ 862
40.2.2 Add / Edit SSL Inspection Profiles .................................................................................... 865
40.3 Exclude List Screen .................................................................................................................... 866
40.4 Certificate Update Screen ....................................................................................................... 879
40.5 Install a CA Certificate in a Browser ......................................................................................... 880
Chapter 41
IP Exception......................................................................................................................................883
41.1 Overview ..................................................................................................................................... 883
41.2 The IP Exception Screen ............................................................................................................. 883
41.2.1 The IP Exception Add/Edit Screen ................................................................................. 884
Chapter 42
Astra Cloud Security........................................................................................................................886
42.1 Overview ..................................................................................................................................... 886
42.2 Astra Cloud Security Screen ...................................................................................................... 887
Chapter 43
Object...............................................................................................................................................889
43.1 The Device Insight Screen ......................................................................................................... 889
43.1.1 Device Insight Add/Edit Screen ...................................................................................... 890
43.1.2 Example: Block a Profile ................................................................................................... 891
43.2 Zones Overview .......................................................................................................................... 895
43.2.1 What You Need to Know ................................................................................................. 896
43.2.2 The Zone Screen ................................................................................................................ 897
43.3 User/Group Overview ................................................................................................................ 898
43.3.1 What You Need To Know ................................................................................................. 899
43.3.2 User/Group User Summary Screen .................................................................................. 901
43.3.3 User Add/Edit General Screen ........................................................................................ 902
43.3.4 User Add/Edit Two-factor Authentication Screen ........................................................ 906
43.3.5 User/Group Group Summary Screen .............................................................................. 909
43.3.6 User/Group Setting Screen ............................................................................................. 910
43.3.7 User/Group MAC Address Summary Screen ................................................................ 915
43.3.8 User/Group Technical Reference .................................................................................. 917
43.4 AP Profile Overview .................................................................................................................... 918
43.4.1 Radio Screen ..................................................................................................................... 920
43.4.2 SSID Screen ....................................................................................................................... 926
43.5 MON Profile ................................................................................................................................. 945
43.5.1 Configuring MON Profile .................................................................................................. 946
43.5.2 Add/Edit MON Profile ....................................................................................................... 947
43.5.3 Technical Reference ........................................................................................................ 948
43.6 ZyMesh Overview ....................................................................................................................... 949
43.6.1 ZyMesh Profile .................................................................................................................... 951
43.6.2 Add/Edit ZyMesh Profile ................................................................................................... 952
43.7 Address/Geo IP Overview ......................................................................................................... 952
43.7.1 What You Need To Know ................................................................................................. 953
43.7.2 Address Summary Screen ................................................................................................ 953
43.7.3 Address Group Summary Screen .................................................................................... 957
43.7.4 Geo IP Summary Screen .................................................................................................. 959
43.8 Service Overview ........................................................................................................................ 962
43.8.1 What You Need to Know ................................................................................................. 962
43.8.2 The Service Summary Screen .......................................................................................... 963
43.8.3 The Service Group Summary Screen ............................................................................. 965
43.9 Schedule Overview ................................................................................................................... 967
43.9.1 What You Need to Know ................................................................................................. 967
43.9.2 The Schedule Screen ........................................................................................................ 968
43.9.3 The Schedule Group Screen ............................................................................................ 971
43.10 AAA Server Overview ............................................................................................................. 972
43.10.1 Directory Service (AD/LDAP) ......................................................................................... 973
43.10.2 RADIUS Server .................................................................................................................. 973
43.10.3 ASAS .................................................................................................................................. 973
43.10.4 What You Need To Know ............................................................................................... 974
43.10.5 Active Directory or LDAP Server Summary ................................................................... 975
43.10.6 RADIUS Server Summary ................................................................................................. 979
43.11 Auth. Method Overview ......................................................................................................... 982
43.11.1 Before You Begin ............................................................................................................. 982
43.11.2 Example: Selecting a VPN Authentication Method ................................................... 982
43.11.3 Authentication Method Objects ................................................................................... 983
43.11.4 Two-Factor Authentication ............................................................................................ 985
43.11.5 Two-Factor Authentication VPN Access ...................................................................... 988
43.11.6 Two-Factor Authentication Admin Access .................................................................. 990
43.12 Certificate Overview ................................................................................................................ 991
43.12.1 What You Need to Know ............................................................................................... 992
43.12.2 Verifying a Certificate .................................................................................................... 993
43.12.3 The My Certificates Screen ............................................................................................ 994
43.12.4 The Trusted Certificates Screen .................................................................................. 1003
43.12.5 Certificates Technical Reference ............................................................................... 1008
43.13 ISP Account Overview .......................................................................................................... 1008
43.13.1 ISP Account Summary .................................................................................................. 1008
43.14 DHCPv6 Overview .................................................................................................................. 1011
43.14.1 The DHCPv6 Request Screen ....................................................................................... 1011
43.14.2 DHCPv6 Lease Screen .................................................................................................. 1013
Chapter 44
Device HA.......................................................................................................................................1015
44.1 Device HA Overview ................................................................................................................ 1015
44.1.1 What You Can Do in These Screens .............................................................................. 1015
44.2 Device HA Status ...................................................................................................................... 1015
44.3 Device HA Pro ........................................................................................................................... 1017
44.3.1 Deploying Device HA Pro .............................................................................................. 1018
44.3.2 Configuring Device HA Pro ............................................................................................ 1018
44.4 View Log .................................................................................................................................... 1020
Chapter 45
Mgmt. & Analytics.........................................................................................................................1022
45.1 Mgmt. & Analytics Overview ................................................................................................... 1022
45.1.1 What You Can Do in this Chapter ................................................................................. 1022
45.2 Cloud CNM SecuManager .....................................................................................................1022
45.3 Cloud CNM SecuReporter ....................................................................................................... 1025
45.4 Nebula ....................................................................................................................................... 1030
45.4.1 Scenario A-Native Mode ............................................................................................... 1030
45.4.2 Scenario B-Zero Touch Provisioning (ZTP) ..................................................................... 1032
Chapter 46
System.............................................................................................................................................1034
46.1 Overview ................................................................................................................................... 1034
46.1.1 What You Can Do in this Chapter ................................................................................. 1034
46.2 Host Name ................................................................................................................................. 1035
46.3 USB Storage ............................................................................................................................... 1035
46.4 Date and Time .......................................................................................................................... 1037
46.4.1 Pre-defined NTP Time Servers List ................................................................................... 1040
46.4.2 Time Server Synchronization .......................................................................................... 1040
46.5 Console Port Speed ................................................................................................................. 1041
46.6 DNS Overview ........................................................................................................................... 1042
46.6.1 DNS Server Address Assignment .................................................................................... 1042
46.6.2 Configuring the DNS Screen .......................................................................................... 1042
46.6.3 (IPv6) Address Record .................................................................................................... 1046
46.6.4 PTR Record ....................................................................................................................... 1046
46.6.5 Adding an (IPv6) Address/PTR Record ........................................................................ 1046
46.6.6 CNAME Record ............................................................................................................... 1047
46.6.7 Adding a CNAME Record .............................................................................................. 1047
46.6.8 Domain Zone Forwarder ............................................................................................... 1048
46.6.9 Adding a Domain Zone Forwarder ............................................................................... 1048
46.6.10 MX Record .................................................................................................................... 1049
46.6.11 Adding a MX Record .................................................................................................... 1049
46.6.12 Security Option Control ................................................................................................1050
46.6.13 Editing a Security Option Control ................................................................................ 1050
46.6.14 Adding a DNS Service Control Rule ............................................................................ 1051
46.7 WWW Overview ........................................................................................................................ 1052
46.7.1 Service Access Limitations ............................................................................................. 1052
46.7.2 System Timeout ................................................................................................................ 1052
46.7.3 HTTPS ................................................................................................................................. 1052
46.7.4 Configuring WWW Service Control ............................................................................... 1053
46.7.5 Service Control Rules ...................................................................................................... 1056
46.7.6 Customizing the WWW Login Page .............................................................................. 1057
46.7.7 HTTPS Example ................................................................................................................. 1062
46.8 SSH ........................................................................................................................................... 1069
46.8.1 SSH Implementation on the Zyxel Device .................................................................... 1070
46.8.2 Requirements for Using SSH ............................................................................................ 1070
46.8.3 Configuring SSH ............................................................................................................... 1070
46.8.4 Service Control Rules ...................................................................................................... 1071
46.8.5 SSH Example .................................................................................................................... 1072
46.9 Telnet ......................................................................................................................................... 1073
46.9.1 Configuring Telnet ........................................................................................................... 1073
46.9.2 Service Control Rules ...................................................................................................... 1075
46.10 FTP ............................................................................................................................................ 1075
46.10.1 Configuring FTP .............................................................................................................. 1075
46.10.2 Service Control Rules .................................................................................................... 1077
46.11 SNMP ....................................................................................................................................... 1077
46.11.1 SNMPv3 and Security ....................................................................................................1078
46.11.2 Supported MIBs ............................................................................................................. 1079
46.11.3 SNMP Traps ..................................................................................................................... 1079
46.11.4 Configuring SNMP ......................................................................................................... 1079
46.11.5 Add SNMPv3 User .......................................................................................................... 1081
46.11.6 Service Control Rules .................................................................................................... 1082
46.12 Authentication Server ............................................................................................................ 1083
46.12.1 Add/Edit Trusted RADIUS Client .................................................................................. 1084
46.13 Notification > Mail Server ....................................................................................................... 1085
46.14 Notification > SMS ................................................................................................................... 1087
46.15 Notification > Response Message ....................................................................................... 1088
46.16 Language Screen ................................................................................................................... 1089
46.17 IPv6 Screen .............................................................................................................................. 1090
46.18 Zyxel One Network (ZON) Utility ........................................................................................... 1090
46.18.1 Requirements ................................................................................................................. 1091
46.18.2 Run the ZON Utility ......................................................................................................... 1091
46.18.3 Zyxel One Network (ZON) System Screen .................................................................. 1095
Chapter 47
Log and Report...............................................................................................................................1096
47.1 Overview ................................................................................................................................... 1096
47.1.1 What You Can Do In this Chapter ................................................................................ 1096
47.2 Email Daily Report ..................................................................................................................... 1096
47.3 Log Setting Screens ................................................................................................................. 1098
47.3.1 Log Setting Summary ...................................................................................................... 1098
47.3.2 Edit System Log Settings ................................................................................................ 1100
47.3.3 Edit Log on USB Storage Setting ................................................................................... 1104
47.3.4 Edit Remote Server Log Settings ................................................................................... 1105
47.3.5 Log Category Settings Screen ....................................................................................... 1107
Chapter 48
File Manager ..................................................................................................................................1110
48.1 Overview ................................................................................................................................... 1110
48.1.1 What You Can Do in this Chapter ................................................................................. 1110
48.1.2 What you Need to Know ................................................................................................ 1110
48.2 The Configuration Screen ........................................................................................................ 1114
48.2.1 The Configuration Schedule Backup Screen .............................................................. 1119
48.3 Firmware Management ......................................................................................................... 1120
48.3.1 Cloud Helper ................................................................................................................... 1120
48.3.2 The Firmware Management Screen ............................................................................. 1123
48.3.3 Firmware Upgrade via USB Stick .................................................................................... 1127
48.3.4 Firmware Integrity Check ............................................................................................... 1127
48.4 The Shell Script Screen ............................................................................................................ 1128
Chapter 49
Diagnostics ....................................................................................................................................1131
49.1 Overview ................................................................................................................................... 1131
49.1.1 What You Can Do in this Chapter ................................................................................. 1131
49.2 The Diagnostics Screens .......................................................................................................... 1131
49.2.1 Scripts ............................................................................................................................... 1131
49.2.2 The Diagnostics Controller Screen ................................................................................ 1132
49.2.3 The Diagnostics AP Screen ............................................................................................. 1134
49.2.4 The Diagnostics Files Screen .......................................................................................... 1136
49.3 The Packet Capture Screen .................................................................................................... 1137
49.3.1 The Packet Capture on AP Screen ............................................................................... 1139
49.3.2 The Packet Capture Files Screen .................................................................................. 1142
49.3.3 The Packet Capture Remote Capture Screen ............................................................ 1143
49.4 The CPU / Memory Status Screen ........................................................................................... 1144
49.5 The System Log Screen ............................................................................................................ 1146
49.6 The Network Tool Screen ......................................................................................................... 1146
49.7 The Routing Traces Screen ...................................................................................................... 1149
49.8 The Wireless Frame Capture Screen ...................................................................................... 1150
49.8.1 The Wireless Frame Capture Files Screen .................................................................... 1151
Chapter 50
Packet Flow Explore ......................................................................................................................1152
50.1 Overview ................................................................................................................................... 1152
50.1.1 What You Can Do in this Chapter ................................................................................. 1152
50.2 Routing Status .......................................................................................................................... 1152
50.3 The SNAT Status Screen ............................................................................................................ 1156
Chapter 51
Shutdown........................................................................................................................................1159
51.1 Overview ................................................................................................................................... 1159
51.1.1 What You Need To Know ............................................................................................... 1159
51.2 The Shutdown / Reboot Screen ..............................................................................................1159
Part III: Appendices and Troubleshooting................................................1161
Chapter 52
Troubleshooting..............................................................................................................................1162
52.1 Resetting the Zyxel Device ...................................................................................................... 1180
52.2 Getting More Troubleshooting Help ....................................................................................... 1181
Appendix A Product Features ..................................................................................................... 1182
Appendix B Legal Information..................................................................................................... 1186
PART I

User’s Guide


CHAPTER 1

Introduction

1.1 Overview

In this guide, “Zyxel Device” refers to the following models:
• USG FLEX 100
• USG FLEX 100W
• USG FLEX 200
• USG FLEX 500
• USG FLEX 700
1.1.1 Model Feature Differences
Note the following differences between the USG FLEX models:

Table 1 USG FLEX Model Feature Comparison
FEATURE/MODEL                               USG FLEX 100   USG FLEX 100W  USG FLEX 200   USG FLEX 500   USG FLEX 700
Microsoft Azure                             YES            YES            YES            YES            YES
Amazon VPC                                  CLI only       CLI only       CLI only       CLI only       CLI only
Anomaly Detection & Prevention              YES            YES            YES            YES            YES
Email Security (Anti-Spam)                  YES            YES            YES            YES            YES
IPS (IDP)                                   YES            YES            YES            YES            YES
Anti-Malware                                YES            YES            YES            YES            YES
App Patrol                                  YES            YES            YES            YES            YES
Web Filtering (Content Filtering)           YES            YES            YES            YES            YES
SecuReporter                                YES            YES            YES            YES            YES
Reputation Filter (IP and DNS)              NO             NO             NO             NO             NO
URL Threat Filter                           YES            YES            YES            YES            YES
Sandboxing                                  NO             NO             NO             NO             NO
IP Exception                                YES            YES            YES            YES            YES
AP Controller                               YES            YES            YES            YES            YES
Device HA Pro                               NO             NO             NO             YES            YES
Hotspot Management                          NO             NO             YES            YES            YES
Concurrent Device Upgrade                   NO             NO             NO             YES            YES
LAG                                         NO             NO             NO             YES            YES
Port Group                                  NO             NO             NO             NO             YES
Port Role                                   YES            YES            YES            YES            NO
SD-WAN Mode                                 NO             NO             NO             NO             NO
SSL Application                             YES            YES            YES            YES            YES
SSL encrypted traffic inspection            YES            YES            YES            YES            YES
Bundled UTM Feature License Validity        1 year         1 year         1 year         1 year         1 year
Virtual Server Load Balancing               YES            YES            YES            YES            YES
Built-in AP                                 NO             YES            NO             NO             NO
Management by Nebula Control Center (NCC)   YES            YES            YES            YES            YES
Note: Your Zyxel Device does not support sandboxing, DNS threat filter and IP reputation by default. To activate these features, please purchase a gold pack license; see Section 7.1.2 on page 252 for more information.
• Not all models support all features. See Table 1 on page 29 for the specific features that your model supports.
Table 2 Security Feature List
• Application Security (Application Patrol)
• Intrusion Prevention System (IPS)
• Anomaly Detection & Prevention (ADP)
• Web Filtering (Content Filtering)
• Malware Blocker (Anti-Virus)
• Email Security (Anti-Spam)
• Secure Socket Layer (SSL) encrypted traffic Inspection
The following security features work without a security license:
• Configuration > Content Filter > Trusted Web Sites
• Configuration > IPS > Custom Signatures
• Configuration > Anti-Virus > Black/White List
• Configuration > Anti-Spam/Email Security > Block/Allow List
For information on interface names by model, default port or interface name mapping, and default interface or zone mapping, please see Section 3.3 on page 100.
See the product’s datasheet for detailed information on a specific model.

1.2 On Premises Mode

When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. Choose On Premises Mode to manage your Zyxel Device directly using either the browser-based Web Configurator or the Command Line Interface (CLI).
Figure 1 On Premises Mode
Follow the wizard to configure the Zyxel Device network settings to manage your Zyxel Device directly. Note that once you complete the device registration step and register your Zyxel Device at portal.myzyxel.com, you cannot change to Nebula Mode unless you reset the Zyxel Device.

1.3 Nebula Mode

When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. Choose Nebula Mode to manage your Zyxel Device remotely using Nebula Control Center (NCC). Select this mode if you want to configure and monitor one or more Zyxel Devices through the cloud.
Figure 2 Nebula Mode
Follow the wizard to configure the Zyxel Device network settings to connect to NCC. Note that once you complete the WAN configuration step, you cannot change to On Premises Mode unless you reset the Zyxel Device.
Nebula Control Center (NCC) is an Internet portal that allows you to configure and monitor groups of Zyxel Devices in organizations. You cannot manage a Zyxel Device directly through the Web Configurator or Command Line Interface (CLI) when NCC is managing the Zyxel Device. See Table 1 on page 29 to see which Zyxel Devices can be managed by NCC.
Follow this procedure to have NCC manage your Zyxel Device.
1.3.1 NCC Portal
You should already have created an account at myZyxel.com. Follow these steps at the NCC portal.
1 Log into Nebula (https://nebula.zyxel.com) with your myZyxel account. If you do not have a myZyxel account, you will be redirected to another screen to create one.
2 After you log in, click Go under Nebula Control Center and then Let’s Start to run the Nebula setup wizard. Create an organization and a site or select an existing site.
3 Add the Zyxel Device to this site by entering its MAC address and serial number. You can find the MAC address and serial number on the label of the Zyxel Device, or you can scan the QR code using the Nebula app.
4 Configure the WAN interface that the Zyxel Device will use to connect to Nebula through the Internet.
5 If you’re given a choice, select Native Mode. If you cannot select Native Mode, configure the email address of the person who will configure the Zyxel Device for management by Nebula. An email will be sent to this person containing an activation link that allows automatic management of the Zyxel Device by Nebula (Zero Touch Provisioning (ZTP)).
1.3.2 Your Zyxel Device
The person who will configure the Zyxel Device for management by Nebula should follow this procedure.
1 Use an Ethernet cable to connect the WAN port of the Zyxel Device (P1 or P2) to the Ethernet port of a device that will provide Internet access.
2 Use another Ethernet cable to connect the LAN port of the Zyxel Device (P3 or P4) to your computer. Make sure your computer can receive an IP address automatically. This is the default for all computers, so the computer should be fine unless you changed it.
3 Connect the power port to an appropriate power source and turn on the Zyxel Device. Wait for the SYS LED to turn solid green.
4 Back up your current configuration before passing management to Nebula. Log into the web configurator, and go to Maintenance > File Manager > Configuration File. Select startup-config.conf, then click Download.
5 If you cannot select Native Mode, reset the Zyxel Device to the factory defaults. Push the Reset button until the port connection LEDs turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory defaults and all previous configurations will be erased.
Skip this step if you did not configure your Zyxel Device before (including just logging in and changing the default password). You must reset the Zyxel Device if it does not have the factory default configuration.
1.3.3 Your Email Account for ZTP
If you cannot select Native Mode in the Nebula setup wizard, do the following after the Zyxel Device is on:
1 Check your mailbox for an email from Nebula. You may need to check your spam folder.
2 Follow the instructions in the email if you did not complete the instructions above. Look for an activation link in the email. Click the activation link or copy the link to your web browser. You will see a screen saying that Nebula registration is in process. Please wait.
3 When you see a screen saying Nebula registration has succeeded, management of your Zyxel Device has passed to Nebula Control Center. The Nebula administrator can now configure and manage your device.

1.4 Change the Mode

Follow the steps below to change your Zyxel Device from On Premises Mode to Nebula Mode or from Nebula Mode to On Premises Mode.
1.4.1 From Nebula Mode to On Premises Mode
Follow this procedure if you want to manage the Zyxel Device directly.
1 Log into Nebula (https://nebula.zyxel.com) with your myZyxel account.
2 Go to Organization-wide > Configuration > Inventory.
3 Select the Zyxel Device you want to remove from Nebula.
4 Click Remove.
5 Nebula will automatically reset your Zyxel Device. The Zyxel Device will reboot to the factory defaults. All Nebula configurations for the Zyxel Device will be erased.
6 Log into the Zyxel Device. Run the wizard and choose On Premises Mode.
7 To restore your previous configuration, log into the web configurator, and go to Maintenance > File Manager > Configuration File.
8 Under Upload Configuration File, click Browse, select the startup-config.conf on your computer that you backed up previously and click Upload. The Zyxel Device will then return to the previous settings.
1.4.2 From On Premises Mode to Nebula Mode
1 Back up your current configuration in Maintenance > File Manager > Configuration File.
2 Reset the Zyxel Device to the factory default by pushing the Reset button until the port connection LEDs turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory defaults.
3 Log into the Zyxel Device. Run the wizard and choose Nebula Mode.
4 If you have a choice of Native Mode or ZTP, select Native Mode.

1.5 Registration at myZyxel

myZyxel is Zyxel’s online services center where you can register your Zyxel Device and manage subscription services available for your Zyxel Device (see Configuration > Licensing > Registration > Service for services available for your Zyxel Device).
• For Zyxel Devices that already have firmware version 4.25 or later, you have to register your Zyxel Device and activate the corresponding service at myZyxel (through your Zyxel Device).
• For Zyxel Devices upgrading to firmware version 4.25 or later, you may skip registering your Zyxel Device and activating the corresponding service at myZyxel (through your Zyxel Device). However, it is highly recommended to at least register your Zyxel Device. At the time of writing, the Firmware Upgrade license, which provides Cloud Helper new firmware notifications, is free when you register your Zyxel Device.
Note: You need to create a myZyxel account at http://portal.myZyxel.com before you can register your device and activate the services at myZyxel.
You may need your Zyxel Device’s serial number and LAN MAC address to register it at myZyxel. See the label at the back of the Zyxel Device for details.
Figure 3 myZyxel Login
1.5.1 Grace Period
SecuReporter and service licenses have a 15-day grace period after a license expires. Services will continue to work in this period during which you will receive notifications to renew your licenses. New licenses are valid for 1 year from the date of purchase.
1.5.2 Applications
These are some Zyxel Device application scenarios.
Security Router
Security includes a Stateful Packet Inspection (SPI) firewall.
Figure 4 Applications: Security Router
IPv6 Routing
The Zyxel Device supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The Zyxel Device can also route IPv6 packets through IPv4 networks using different tunneling methods.
Figure 5 Applications: IPv6 Routing
VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. In the figure below, AS is an Authentication Server.
Figure 6 Applications: VPN Connectivity
SSL VPN Network Access
SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just browses to the Zyxel Device’s web address and enters his user name and password to securely connect to the Zyxel Device’s network. Here full tunnel mode creates a virtual connection for a remote user and gives him a private IP address in the same subnet as the local network so he can access network resources in the same way as if he were part of the internal network.
Figure 7 SSL VPN With Full Tunnel Mode
User-Aware Access Control
Set up security policies to restrict access to sensitive information and shared resources based on the user who is trying to access it. In the following figure user A can access both the Internet and an internal file server. User B has a lower level of access and can only access the Internet. User C is not even logged in, so cannot access either the Internet or the file server.
Figure 8 Applications: User-Aware Access Control
Load Balancing
Set up multiple connections to the Internet on the same port, or different ports, including cellular interfaces. In either case, you can balance the traffic loads between them.
Figure 9 Applications: Multiple WAN Interfaces

1.6 Management Overview

You can manage the Zyxel Device in the following ways.
Web Configurator
The Web Configurator allows easy Zyxel Device setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator.
Figure 10 Managing the Zyxel Device: Web Configurator
Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the Zyxel Device. Access it using remote management (for example, SSH or Telnet) or via the physical or Web Configurator console port. See the Command Reference Guide for CLI details. The default settings for the console port are:
Table 3 Console Port Default Settings
SETTING VALUE
Speed 115200 bps
Data Bits 8
Parity None
Stop Bit 1
Flow Control Off
FTP
Use File Transfer Protocol for firmware upgrades and configuration backup or restore.
SNMP
The device can be monitored and/or managed by an SNMP manager. See Section 46.11 on page 1077.
CloudCNM
Use the CloudCNM screen (see Section 46.16 on page 1089) to enable and configure management of the Zyxel Device by a Central Network Management system.
Management Authentication
Managers must be authenticated with a username and password, using one of:
• Local Zyxel Device authentication
• An external RADIUS server
• An external LDAP server
• Certificates

1.7 Web Configurator

The Web Configurator is an HTML-based management interface that allows easy system setup and management through an Internet browser. Use a browser that supports HTML5, such as Microsoft Edge, Internet Explorer 11, Mozilla Firefox, or Google Chrome.
In order to use the Web Configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScript (enabled by default).
• Java permissions (enabled by default).
The recommended minimum screen resolution is 1024 x 768 pixels.
Note: Screenshots and graphics in this book may differ slightly from your product due to differences in product features or Web Configurator brand style.
1.7.1 Web Configurator Access
1 Make sure your Zyxel Device hardware is properly connected. See the Quick Start Guide.
2 In your browser go to https://192.168.1.1 or https://myrouter.local. By default, the Zyxel Device automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
If you want to change the display language for the Zyxel Device’s Web Configurator screens, select from the drop-down list box. You can also change the display language in Configuration > System > Language.
3 Type the user name (default: “admin”) and password (default: “1234”).
4 Click Login. After you log in for the first time using the default user name and password, you must change the default admin password in the Update Admin Info screen. Enter a new password of 1 to 64 characters.
In Configuration > Object > User/Group > Setting, you can enable Password Complexity to require a new password to consist of at least 8 characters and at most 64, where at least 1 character must be a number, at least 1 a lower case letter, at least 1 an upper case letter and at least 1 a special character from the keyboard, such as !@#$%^&*()_+. You can also require periodic changing of the password in that screen by configuring Password must changed every (days).
Make a note of your new password, enter it in the following screen, then click Apply.
5 A Terms of Use screen displays. Read the statement, then click Acknowledge to proceed.
Note: If you are using an Internet Explorer browser, the Terms of Use will be downloaded automatically.
6 The Password Change Notification screen displays. Use this screen to view the expiry information for all admin accounts. We recommend that you change your password regularly in Configuration > Object > User/Group > User. Select how often to display the screen and click OK.
7 The Network Risk Warning screen displays any unregistered or disabled security services. If your Zyxel Device is not registered, you will see a prompt to register it. Select how often to display the screen and click OK.
If you select Never and you later want to bring this screen back, use these commands (note the space before the underscore).
Router> enable
Router#
Router# configure terminal
Router(config)#
Router(config)# service-register _setremind
after-10-days
after-180-days
after-30-days
every-time
never
Router(config)# service-register _setremind every-time
Router(config)#
See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands.
8 Follow the directions in the Update Admin Info screen. If you change the default password, the Login screen appears after you click Apply. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is using its default configuration; otherwise the dashboard appears.
1.7.2 Security Check for Web Interface Overview
Use this screen to configure settings to secure your Zyxel Device. You can configure:
• Secure SSL access from the Internet to the Zyxel Device.
• Secure SSL access from the Internet to the network behind the Zyxel Device.
• The default port that IPSec VPN clients use to retrieve VPN rule settings from the Zyxel Device.
• The default port for two-factor authentication for VPN clients to access the network behind the Zyxel Device.
1.7.2.1 Secure SSL Access from the Internet to the Zyxel Device
You can configure up to 3 trusted computers to access the Zyxel Device using secure SSL. The default HTTPS SSL port is 443. If you change this, remote connections from the Internet must use this port. For example, if you change this to port 8800 and the Zyxel Device is using IP address 1.1.1.1, then remote users must use https://1.1.1.1:8800.
In Figure 11 on page 44, A, B and C can connect to the Zyxel Device to access the Zyxel Device web configurator for remote management.
Configure a new port between 1024 and 65535 that is not in use by other services.
Figure 11 Secure SSL Access Example
1.7.2.2 Secure SSL VPN Access from the Internet to the Network Behind the Zyxel Device
The default SSL VPN port is 443. If you change the default SSL VPN port on the Zyxel Device, make sure to make the same change to SecuExtender, the SSL VPN client software. Configure a new port between 1024 and 65535 that is not in use by other services.
You can also restrict SSL VPN access to up to 3 locations on the Internet.
Figure 12 Secure SSL VPN Access Example
The table below describes the abbreviations used in the figure.
Table 4 Countries Abbreviations
ABBREVIATION COUNTRY
JP Japan
KR Korea
FR France
1.7.2.3 Change the Default IPSec VPN Provisioning Port
Change the default port that IPSec VPN clients use to retrieve VPN rule settings from the Zyxel Device. The default is 443, which is already in use for remote management by default. If you change the default IPSec VPN port on the Zyxel Device, make sure to make the same change to the Zyxel IPSec VPN client.
Configure a new port between 1024 and 65535 that is not in use by other services.
Figure 13 IPSec VPN Provisioning Example
Note: The remote management port, the SSL VPN port and the IPSec VPN port all use 443 by default. If you do not change the default ports, then only 3 connections of the remote management and SSL VPN will be allowed at one time.
1.7.2.4 Change the Default Port for Two-Factor VPN Access Authentication
Change the default port for two-factor authentication for VPN clients to access the network behind the Zyxel Device. VPN clients do not need to change the port number on their devices, because the link to access the network behind the Zyxel Device will contain the new port number. For example, if you change this to port 8008 and the link is using a.b.c.d, then VPN clients will see this link in their email or SMS to retrieve settings: https://a.b.c.d:8008.
You can also change this port in Object > Auth. Method > Two-factor Authentication > VPN Access. See Section 43.11.4 on page 985 for more information on two-factor authentication.
Configure a new port between 1024 and 65535 that is not in use by other services.
Figure 14 Two-Factor Authentication Example
Overall Port Configuration Example
Below is an example of configuring these ports to avoid port conflict.
Table 5 Port Configuration Example
REMOTE MANAGEMENT 8800
SSL VPN 8080
IPSEC VPN PROVISIONING 443 (default)
TWO-FACTOR VPN ACCESS AUTHENTICATION 8008
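The port rules in Sections 1.7.2.1 to 1.7.2.4 can be checked before you enter a plan in the Security Check screen. The following Python script is an added example, not Zyxel software: the service names, the check_plan function and the use of None for "leave at default" are assumptions made for illustration, and the two-factor default port is not modelled because this section does not state it.

```python
import ipaddress
import re

# Service names are illustrative labels (assumptions), not Zyxel CLI keywords.
DEFAULT_443 = ("remote_management", "ssl_vpn", "ipsec_vpn_provisioning")
SERVICES = DEFAULT_443 + ("two_factor_vpn_access",)
PORT_MIN, PORT_MAX = 1024, 65535   # range the guide gives for a new port
MAX_TRUSTED_HOSTS = 3              # Trusted Host 1-3
# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_ip_or_fqdn(value):
    """Return True for an IP address literal or a dotted name such as www.zyxel.com."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    if len(value) > 253 or len(labels) < 2:
        return False
    # An all-numeric last label means a malformed IP address, not a host name.
    return all(_LABEL.fullmatch(label) for label in labels) and not labels[-1].isdigit()


def check_plan(ports, trusted_hosts=(), in_use=()):
    """Return (severity, message) findings for a planned port assignment.

    ports: dict of service name -> new port, or None to leave the default.
    trusted_hosts: Trusted Host entries for remote management from the WAN.
    in_use: ports already taken by other services on the device.
    """
    findings = []
    effective = {}
    for service in SERVICES:
        port = ports.get(service)
        if port is None:
            # Only the three services in DEFAULT_443 have a default stated in the guide.
            if service in DEFAULT_443:
                effective[service] = 443
            continue
        if isinstance(port, bool) or not isinstance(port, int):
            findings.append(("error", f"{service}: port must be an integer"))
        elif port == 443 and service in DEFAULT_443:
            effective[service] = 443
        elif not PORT_MIN <= port <= PORT_MAX:
            findings.append(("error", f"{service}: {port} is outside {PORT_MIN}-{PORT_MAX}"))
        elif port in in_use:
            findings.append(("error", f"{service}: {port} is used by another service"))
        else:
            effective[service] = port

    # Group services by port to find assignments that collide.
    by_port = {}
    for service, port in effective.items():
        by_port.setdefault(port, []).append(service)
    for port, services in sorted(by_port.items()):
        if len(services) < 2:
            continue
        names = ", ".join(services)
        if port == 443:
            findings.append(("warning", f"default port 443 is shared by {names}; "
                             "see the note on the 3-connection limit"))
        else:
            findings.append(("error", f"port {port} is assigned to {names}"))

    if len(trusted_hosts) > MAX_TRUSTED_HOSTS:
        findings.append(("error", f"{len(trusted_hosts)} trusted hosts given, "
                         f"at most {MAX_TRUSTED_HOSTS} can be configured"))
    for host in trusted_hosts:
        if not is_ip_or_fqdn(host):
            findings.append(("error", f"trusted host {host!r} is not an IP address or FQDN"))
    if not trusted_hosts:
        findings.append(("warning", "no trusted hosts: remote management from the WAN "
                         "is not limited to specified sources"))
    return findings


# Constructed sample input: the assignment from Table 5 of the guide.
TABLE_5_PLAN = {
    "remote_management": 8800,
    "ssl_vpn": 8080,
    "ipsec_vpn_provisioning": 443,
    "two_factor_vpn_access": 8008,
}

if __name__ == "__main__":
    for plan in (TABLE_5_PLAN, {"remote_management": 8800, "ssl_vpn": 8800}):
        result = check_plan(plan, trusted_hosts=["1.1.1.1", "www.zyxel.com"])
        print(plan, "->", result or "no findings")
```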
1.7.2.5 Other Security Measures
New firmware contains patches to enhance security. Make sure to check for new firmware regularly and update firmware in Maintenance > Firmware Management.
Change admin passwords regularly. Select Enable Password Complexity in Object > User/Group > Setting to require the user to use a password that's not easy to guess. The password must include:
• at least 8 characters
• at least one upper case alphabetic character and at least one lower case alphabetic character
• one numeric character
• one special character such as @#$%^
1.7.3 The Security Check for Web Interface Screen
The following screen appears when the Zyxel Device detects a rule that allows traffic such as HTTP, HTTPS, SSL and so on to access your Zyxel Device from any IPv4 source on the WAN. This may expose your Zyxel Device to a security risk. Configure settings in this screen to allow access only from specified IP addresses, FQDNs or regions to secure your Zyxel Device.
Figure 15 Security Check for Web Interface
The following table describes the labels in this screen.
Table 6 Security Check for Web Interface
LABEL DESCRIPTION
Allow secure remote management from WAN Select this to allow access to the Zyxel Device remotely only from specified IP addresses or Fully Qualified Domain Names (FQDNs), such as 1.1.1.1 or www.zyxel.com. See Section 1.7.2.1 on page 44 for more information.
Port Configure a new port between 1024 and 65535 to use it to access the web configurator. Do not use a port number that has been used. For example, use https://1.1.1.1:8800 if you changed the default HTTPS port to 8800.
Trusted Host 1-3 Configure the IP addresses or FQDNs that are allowed to access the Zyxel Device.
Allow SSL VPN access from WAN Select this to allow SSL VPN clients to access the Zyxel Device only from specified regions. See Section 1.7.2.2 on page 44 for more information.
Port Configure a new port between 1024 and 65535 to use it to access the web configurator using SSL VPN. Do not use a port number that has been used. The port you configure here must be the same as the port you use in SecuExtender. See Section 1.7.2.2 on page 44 for more information on SecuExtender.
Trusted Geolocation 1-3 Select the regions that are allowed to access the Zyxel Device from the drop-down list box.
Change Two-Factor Authentication Port Select this to change the port VPN clients use to access the Zyxel Device LAN with two-factor authentication. See Section 1.7.2.4 on page 45 for more information. Configure a new port between 1024 and 65535. Do not use a port number that has been used.
Change Zyxel IPSec VPN Client Provisioning Port Select this to change the port IPSec VPN clients use to retrieve VPN rule settings from the Zyxel Device. See Section 1.7.2.3 on page 45 for more information. Configure a new port between 1024 and 65535. Do not use a port number that has been used. The port you configure here must be the same as the port you use when logging in as a Zyxel IPSec VPN client.
Please remind me Select how often to display the screen from the drop-down list box.
OK Click OK to save your changes back to the Zyxel Device.
Cancel Click Cancel to exit this screen without saving your changes.
1.7.4 Remote Access to the Zyxel Device Networks
Your Zyxel Device keeps your networks safe while allowing external access by applying the security measures below:
• Two-Factor Authentication: Use two-factor authentication to have double-layer security to access a secured network behind the Zyxel Device. The first layer is the VPN client/Zyxel Device’s login user name / password. The second layer is an authorized SMS (via mobile phone number) or email address. See Section 43.11.4 on page 985 for more information on two-factor authentication.
• Device Insight: The Zyxel Device can identify and display the basic information and status of clients that are connected to the Zyxel Device networks in Monitor > Network Status > Device Insight. See Section 6.7 on page 174 for more information on viewing the device insight.
Create device insight profiles in Configuration > Object > Device Insight to block specified clients from accessing the Internet or the Zyxel Device. See Section 43.1 on page 889 for more information on creating and using the device insight profiles.
• IPSec VPN: You can create highly secure connections with IKEv2 or EAP authentication to access networks behind the Zyxel Device. For example, home workers can securely access company resources if they have proper authentication. See Chapter 19 on page 516 for more information on IPSec VPN.
• Upload Bandwidth Limit: Zyxel subscription-based SecuExtender IPSec VPN clients with Windows version 5.6.80.007 or later or macOS version 1.2.0.7 or later support upload bandwidth limit. Use this to set the maximum bandwidth for uploading traffic from IPSec VPN clients over IPSec VPN tunnels. See Section 19.5 on page 542 for more information on upload bandwidth limit.
1.7.5 Web Configurator Screens Overview
The Web Configurator screen is divided into these parts:
A – title bar
B – navigation panel
C – main window
Figure 16 Web Configurator Screen Overview
Title Bar
Figure 17 Title Bar
The title bar icons in the upper right corner provide the following functions.
Table 7 Title Bar: Web Configurator Icons
LABEL DESCRIPTION
SecuReporter This icon shows when SecuReporter is enabled and the Zyxel Device is added to an organization. Click this to open the SecuReporter portal page.
Web Console Click this to open one or multiple console windows from which you can run command line interface (CLI) commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands. Log in to the Zyxel Device with HTTPS so that you can open one or multiple console windows.
CLI Click this to open a popup window that displays the CLI commands sent by the Web Configurator to the Zyxel Device.
Reference Click this to check which configuration items reference an object.
Site Map Click this to see an overview of links to the Web Configurator screens.
Forum Go to https://businessforum.zyxel.com for product discussions.
Help Click this to open the help page for the current screen.
Notification Only Admin or Limited Admin can see notifications. Notifications display what’s new in the Zyxel Device firmware (ZLD) and information on security services about to expire. Slide the switch to Off if you don’t want notifications. Click an item to see more details on it.
Click the Refresh icon or refresh the browser page to update notifications. The latest notification appears at the top. An item is removed once it has been read.
Up to five notifications can be shown here. If there are more than five notifications, then click All Notifications to see them.
About Click this to display basic information about the Zyxel Device.
Logout Click this to log out of the Web Configurator.
About
Click About to display basic information about the Zyxel Device.
Figure 18 About
This table describes the fields in this screen.
Table 8 About
LABEL DESCRIPTION
Current Version This shows the firmware version of the Zyxel Device.
Released Date This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware was released.
System Protection Signature This shows the system protection signature version of the Zyxel Device. These signatures do not require a license. The Zyxel Device will synch with the Cloud Helper Server every day to update these signatures automatically.
System protection signatures protect your Zyxel Device and local networks from web attacks, such as command injection, cross-site scripting and path traversal.
Command injection: This is an attack in which an attacker uses the Zyxel Device vulnerabilities to execute commands to control your Zyxel Device.
Cross-site scripting: This is an attack in which an attacker implants malicious scripts in a website. When you visit this website, the malicious scripts are sent and executed on your web browser.
Path traversal: This is an attack that allows an attacker to access files you store in the web root folder.
OK Click this to close the screen.
Site Map
Click Site Map to see an overview of links to the Web Configurator screens. Click a screen’s link to go to that screen.
Figure 19 Site Map
Web Console
Click Web Console to open one or multiple console windows from which you can run CLI commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands. Log in to the Zyxel Device with HTTPS so that you can open one or multiple console windows.
Figure 20 Web Console Window
Reference
Click Reference to open the Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object.
Figure 21 Reference
The fields vary with the type of object. This table describes labels that can appear in this screen.
Table 9 Reference
LABEL DESCRIPTION
Type Select an object type to see the services.
Name This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window.
# This field is a sequential value, and it is not associated with any entry.
Service This is the type of setting that references the selected object. Click a service’s name to display the service’s configuration screen in the main window.
Priority If it is applicable, this field lists the referencing configuration item’s position in its list, otherwise N/A displays.
Name This field identifies the configuration item that references the object.
Description If the referencing configuration item has a description configured, it displays here.
Refresh Click this to update the information in this screen.
Cancel Click Cancel to close the screen.
CLI Messages
Click CLI to look at the CLI commands sent by the Web Configurator. Open the pop-up window and then click some menus in the Web Configurator to display the corresponding commands.
Figure 22 CLI Messages
1.7.6 Navigation Panel
Use the navigation panel menu items to open status and configuration screens. Click the arrow in the middle of the right edge of the navigation panel to hide the panel or drag to resize it. The following sections introduce the Zyxel Device’s navigation panel menus and their screens.
Figure 23 Navigation Panel
Dashboard
The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. See the Web Help for details on the dashboard.
Monitor Menu
The monitor menu screens display status and statistics information.
Table 10 Monitor Menu Screens Summary
FOLDER OR LINK TAB FUNCTION
Traffic Statistics
Port Statistics Port Statistics Displays packet statistics for each physical port.
Interface Status Interface Summary Displays general interface information and packet statistics.
Traffic Statistics Traffic Statistics Collect and display traffic statistics.
Session Monitor Session Monitor Displays the status of all current sessions.
Network Status
DHCP Table DHCP Table Displays a list of interfaces and their DHCP-assigned IP addresses.
Device Insight Device Insight Displays a list of WiFi and wireless clients connected to the Zyxel Device networks.
Login Users Login Users Lists the users currently logged into the Zyxel Device.
Dynamic Guest Dynamic Guest List the dynamic guest accounts in the Zyxel Device’s local database. These are accounts that are created automatically and allowed to access the Zyxel Device’s services for a certain period of time.
IGMP Statistics IGMP Statistics Collect and display IGMP statistics.
DDNS Status DDNS Status Displays the status of the Zyxel Device’s DDNS domain names.
IP/MAC Binding IP/MAC Binding Lists the devices that have received an IP address from Zyxel Device interfaces using IP/MAC binding.
Cellular Status Cellular Status Displays details about the Zyxel Device’s mobile broadband connection status.
UPnP Port Status Port Statistics Displays details about UPnP connections going through the Zyxel Device.
USB Storage Storage Information Displays details about USB device connected to the Zyxel Device.
Ethernet Neighbor Ethernet Neighbor View and manage the Zyxel Device’s neighboring devices via Smart Connect (Layer Link Discovery Protocol (LLDP)). Use the Zyxel One Network (ZON) utility to view and manage the Zyxel Device’s neighboring devices via the Zyxel Discovery Protocol (ZDP).
FQDN Object FQDN Object Displays FQDN (Fully Qualified Domain Name) object cache lists used in DNS queries.
Virtual Server LB Virtual Server Load Balancer Status Displays traffic statistics between a client and a real server.
Wireless
AP Information AP List Lists APs managed by the Zyxel Device.
Radio List Lists wireless details of APs managed by the Zyxel Device.
Built-in AP Displays associated wireless client usage and number. (For Zyxel Device model names containing ‘W’.)
Top N APs Lists managed APs with the most wireless traffic usage and most associated wireless stations.
Single AP Lists APs wireless traffic usage and associated wireless stations for a managed AP.
ZyMesh ZyMesh Link Info Display statistics about ZyMesh wireless connections between managed APs.
SSID Info SSID Info Display information about the AP’s wireless clients.
Station Info Station List Lists wireless clients associated with the APs managed by the Zyxel Device.
Top N Stations Lists wireless stations with the most wireless traffic usage.
Single Station Lists wireless traffic usage for an associated wireless station.
Detected Device Detected Device Display information about suspected rogue APs.
Wireless Health Wireless Health Displays information about health or wireless networks for your APs and connected wireless clients.
Printer Status Printer Status Display information about the connected statement printers.
VPN Monitor
IPSec IPSec Displays and manages the active IPSec SAs.
SSL SSL Lists users currently logged into the VPN SSL client portal. You can also log out individual users and delete related session information.
L2TP over IPSec L2TP over IPSec Displays details about current L2TP sessions.
Remote AP VPN Remote AP VPN Displays and manages the active remote APs.
Security Statistics
App Patrol Summary Displays application patrol statistics.
Content Filter Web Content Filter Collect and display web content filter statistics.
DNS Content Filter Collect and display DNS content filter statistics.
Anti-Malware Summary Collect and display statistics on the malware that the Zyxel Device has detected.
Reputation Filter Summary Displays counts, IP addresses and URLs that are blocked by the Zyxel Device.
IPS Summary Collect and display statistics on the intrusions that the Zyxel Device has detected.
Sandboxing Summary Displays the sandboxing statistics.
Email Security Summary Collect and display spam statistics.
Status Displays how many mail sessions the ZyWALL is currently checking and DNSBL (Domain Name Service-based spam Black List) statistics.
CDR Containment List Displays what clients are currently contained by Collaborative Detection & Response (CDR).
History Displays what clients were and are contained by Collaborative Detection & Response (CDR).
SSL Inspection Summary Collect and display SSL Inspection statistics.
Certificate Cache List Displays traffic to destination servers using certificates.
Log View Log Lists log entries.
View AP Log Lists AP log entries.
Dynamic Users Log Lists the Zyxel Device’s dynamic guest account log messages.
Configuration Menu
Use the configuration menu screens to configure the Zyxel Device’s features.
Table 11 Configuration Menu Screens Summary
| FOLDER OR LINK | TAB | FUNCTION |
| Quick Setup | | Quickly configure WAN interfaces or VPN connections. |
| Licensing | | |
| Registration | Registration | Register the device and activate trial services. |
| | Service | View the licensed service status and upgrade licensed services. |
| Signature Update | Signature | Update signatures immediately or by a schedule. |
| Wireless | | |
| Built-in AP | General | Allow WiFi clients to access your Zyxel Device wirelessly to connect to the network. |
| Controller | Configuration | Configure manual or automatic controller registration. |
| AP Management | Mgnt AP List | Edit or remove entries in the lists of APs managed by the Zyxel Device. |
| | AP Policy | Configure the AP controller’s IP address on the managed APs and determine the action the managed APs take if the current AP controller fails. |
| | AP Group | Create groups of APs, define their radio, VLAN, port and load balancing settings. |
| | Firmware | Update the firmware on APs connected to your Zyxel Device. |
| Rogue AP | Rogue/Friendly AP List | Configure how the Zyxel Device monitors rogue APs. |
| Wireless Health | Wireless Health | Enable wireless health to improve the APs wireless network performance in Zyxel Device networks. |
| Auto Healing | Auto Healing | Enable auto healing to extend the wireless service coverage area of the managed APs when one of the APs fails. |
| RTLS | Real Time Location System | Use the managed APs as part of an Ekahau RTLS to track the location of Ekahau WiFi tags. |
| Network | | |
| Interface | Port Role/Port Group/Port Configuration | Use this screen to set the Zyxel Device’s flexible ports such as LAN, OPT, WLAN, or DMZ. |
| | Ethernet | Manage Ethernet interfaces and virtual Ethernet interfaces. |
| | PPP | Create and manage PPPoE and PPTP interfaces. |
| | Cellular | Configure a cellular Internet connection for an installed mobile broadband card. |
| | Tunnel | Configure tunneling between IPv4 and IPv6 networks. |
| | VLAN | Create and manage VLAN interfaces and virtual VLAN interfaces. |
| | Bridge | Create and manage bridges and virtual bridge interfaces. |
| | LAG | Configure interface and LAG parameters for each LAG interface. |
| | VTI | Configure IP address assignment and interface parameters for VTI (Virtual Tunnel Interface). |
| | Trunk | Create and manage trunks (groups of interfaces) for load balancing. |
| Routing | Policy Route | Create and manage routing policies. |
| | Static Route | Create and manage IP static routing information. |
| | RIP | Configure device-level RIP settings. |
| | OSPF | Configure device-level OSPF settings, including areas and virtual links. |
| | BGP | Configure exchange of Border Gateway Protocol (BGP) information over an IPSec tunnel. |
| DDNS | DDNS | Define and manage the Zyxel Device’s DDNS domain names. |
| NAT | NAT | Set up and manage port forwarding rules. |
| | Virtual Server Load Balancer | Configure virtual server load balancer rules that distribute incoming connection requests to a virtual server between multiple real (physical) servers. |
| Redirect Service | Redirect Service | Set up and manage HTTP and SMTP redirection rules. |
| ALG | ALG | Configure SIP, H.323, and FTP pass-through settings. |
| UPnP | UPnP | Configure interfaces that allow UPnP and NAT-PMP connections. |
| IP/MAC Binding | Summary | Configure IP to MAC address bindings for devices connected to each supported interface. |
| | Exempt List | Configure ranges of IP addresses to which the Zyxel Device does not apply IP/MAC binding. |
| Layer 2 Isolation | General | Enable layer-2 isolation on the Zyxel Device and the internal interfaces. |
| | Allow List | Enable and configure the allow list. |
| DNS Inbound LB | DNS Load Balancing | Configure DNS Load Balancing. |
| VPN | | |
| IPSec VPN | VPN Connection | Configure IPSec tunnels. |
| | VPN Gateway | Configure IKE tunnels. |
| | Concentrator | Combine IPSec VPN connections into a single secure network. |
| | Configuration Provisioning | Set who can retrieve VPN rule settings from the Zyxel Device using the Zyxel Device IPSec VPN Client. |
| SSL VPN | Access Privilege | Configure SSL VPN access rights for users and groups. |
| | Global Setting | Configure the Zyxel Device’s SSL VPN settings that apply to all connections. |
| L2TP VPN | L2TP VPN | Configure L2TP over IPSec tunnels. |
| Remote AP VPN | Remote AP VPN | Configure the IP address pool for the Zyxel Device to assign an IP address to the outgoing interface of each RAP IPSec tunnel. |
| BWM | BWM | Enable and configure bandwidth management rules. |
| Web Authentication | Web Authentication General/Authentication Type/Custom Web Portal File/Custom User Agreement File/Facebook WiFi | Define a web portal and exempt services from authentication. |
| | SSO | Configure the Zyxel Device to work with a Single Sign On agent. |
| Hotspot | | |
| Billing | General | Configure the general billing settings, such as the accounting method. |
| | Billing Profile | Configure the billing profiles for the web-based account generator and each button on the connected statement printer. |
| | Discount | Configure discount price plans. |
| | Payment Service | Enable online payment service and configure the service pages. |
| Printer Manager | General | Configure the printer list, enable printer management and customize the account printout. |
| | Printout Configuration | Detect the connected statement printers, change their IP addresses and/or add them to the managed printer list. |
| Free Time | Free Time | Allow users to get a free account for Internet surfing during the specified time period. |
| IPnP | IPnP | Enable IPnP on the Zyxel Device and the internal interfaces. |
| Walled Garden | Walled Garden General/URL Base/Domain/IP Base | Create walled garden links that display in the login screen. |
| Advertisement | Advertisement | Enable and set advertisement links. |
| Security Policy | | |
| Policy Control | Policy | Create and manage level-3 traffic rules and apply Security Service profiles. |
| ADP | General | Display and manage ADP bindings. |
| | Profile | Create and manage ADP profiles. |
| | Allow List | Create an allow list for certain IP or services to let them pass the ADP flood detection. |
| Session Control | Session Control | Limit the number of concurrent client NAT/security policy sessions. |
| Security Service | | |
| AppPatrol | Profile | Manage different types of traffic in this screen. Create App Patrol template(s) of settings to apply to a traffic flow using a security policy. |
| Content Filter | Web Content Filter: General | Create and manage the detailed filtering rules for content filtering profiles and then apply to a traffic flow using a security policy. |
| | Web Content Filter: Trusted Web Sites | Create a list of allowed web sites that bypass content filtering policies. |
| | Web Content Filter: Forbidden Web Sites | Create a list of web sites to block regardless of content filtering policies. |
| | DNS Content Filter: General | Create and manage the detailed filtering rules for DNS content filtering profiles and then apply to a traffic flow using a security policy. |
| | DNS Content Filter: Allow List | Create a list of allowed web sites that bypass DNS content filtering policies. |
| | DNS Content Filter: Block List | Create a list of web sites to block regardless of content filtering policies. |
| Anti-Malware | Anti-Malware | Enable, specify actions to take when encountering malware or compressed files, and set up a black list to identify files with malware file patterns and a white list to identify files that should not be checked for malware. |
| | Block/Allow List | Set up a block list to identify spam and an allow list to identify legitimate email. |
| | Signature | Search for particular signatures to get more information about them. |
| Reputation Filter | IP Reputation General/Allow List/Block List/External Block List | Enable IP reputation and specify what action the Zyxel Device takes when any IP address with bad reputation is detected. You can also set up an allow list to identify which IPv4 addresses should be allowed, and a block list to identify which IPv4 addresses should be blocked. Set up an external block list which uses block list entries stored in a file on a web server that supports HTTP or HTTPS and is reachable from the Zyxel Device. The Zyxel Device will block incoming and outgoing packets from the black list entries in this file. |
| | DNS Threat Filter General/Profile/Allow List/Block List | Enable DNS threat filtering and specify what action the Zyxel Device takes when an access attempt to a blocked Fully Qualified Domain Name (FQDN) is detected. You can also set up an allow list to identify which FQDNs should be allowed, and a block list to identify which FQDNs should be blocked. |
| | General/Allow List/Block List/External Block List | Enable URL filtering and specify what action the Zyxel Device takes when an access attempt to a blocked website is detected. You can also set up an allow list to identify which IPv4 addresses and/or URLs should be allowed, and a block list to identify which IPv4 addresses and/or URLs should be blocked. Set up an external block list which uses block list entries stored in a file on a web server that supports HTTP or HTTPS and is reachable from the Zyxel Device. The Zyxel Device will block incoming and outgoing packets from the black list entries in this file. |
| IPS | IPS | Enable and configure IPS settings. Create, import, or export custom signatures. |
| | Allow List | Configure signatures that will be exempted from IPS inspection. |
| Sandboxing | Sandboxing | Enable sandboxing, and specify the actions the Zyxel Device takes when malicious or suspicious files are detected. |
| Email Security | Email Security | Turn email security on or off and manage email security policies. Create email security templates of settings to apply to a traffic flow using a security policy. |
| | Block/Allow List | Set up a block list to identify spam and an allow list to identify legitimate email. |
| CDR | Collaborative Detection & Response | Turn CDR on or off and manage CDR policies. Create CDR templates of settings to apply to a traffic flow using a security policy. Configure Collaborative Detection & Response triggering policies with containment actions. |
| | Exempt List | Set up a list of devices that are exempt from Collaborative Detection & Response checking. Configure IPv4 and/or MAC addresses of devices that are exempt from CDR checking. |
| SSL Inspection | Profile | Decrypt HTTPS traffic for Security Service inspection. Create SSL Inspection templates of settings to apply to a traffic flow using a security policy. |
| | Exclude List | Configure services to be excluded from SSL Inspection. |
| | Certificate Update | Use this screen to update the latest certificates of servers using SSL connections to the Zyxel Device network. |
| IP Exception | IP Exception | Use this screen to view the IP exception list for the anti-malware and IPS (Intrusion Prevention System) features. The Zyxel Device will not intercept nor inspect the incoming packets that match the rules in the IP exception list for the anti-malware and/or IPS (Intrusion Prevention System) features. |
| Object | | |
| Device Insight | Device Insight | Configure profiles to block specified clients from accessing the Internet or the Zyxel Device. |
| Zone | Zone | Configure zone templates used to define various policies. |
| User/Group | User | Create and manage users. |
| | Group | Create and manage groups of users. |
| | Setting | Manage default settings for all users, general settings for user sessions, and rules to force user authentication. |
| | MAC Address | Configure the MAC addresses of wireless clients for MAC authentication using the local user database. |
| AP Profile | Radio | Create templates of radio settings to apply to policies as an object. |
| | SSID | Create templates of wireless settings to apply to radio profiles or policies as an object. |
| MON Profile | MON Profile | Create and manage rogue AP monitoring files that can be associated with different APs. |
| ZyMesh Profile | ZyMesh Profile | Create and manage ZyMesh files that can be associated with different APs. |
| Address/Geo IP | Address | Create and manage host, range, and network (subnet) addresses. |
| | Address Group | Create and manage groups of addresses to apply to policies as a single object. |
| | Geo IP | Update the database of country-to-IP address mappings and manually configure country-to-IP address mappings for geographic address objects that can be used in security policies. |
| Service | Service | Create and manage TCP and UDP services. |
| | Service Group | Create and manage groups of services to apply to policies as a single object. |
| Schedule | Schedule | Create one-time and recurring schedules. |
| | Schedule Group | Create and manage groups of schedules to apply to policies as a single object. |
| AAA Server | Active Directory | Configure the Active Directory settings. |
| | LDAP | Configure the LDAP settings. |
| | RADIUS | Configure the RADIUS settings. |
| Auth. Method | Authentication Method | Create and manage ways of authenticating users. |
| | Two-factor Authentication | Configure SMS or email authentication to access a secured network behind the Zyxel Device via a VPN tunnel. |
| Certificate | My Certificates | Create and manage the Zyxel Device’s certificates. |
| | Trusted Certificates | Import and manage certificates from trusted sources. |
| ISP Account | ISP Account | Create and manage ISP account information for PPPoE/PPTP interfaces. |
| DHCPv6 | Request | Configure IPv6 DHCP request type and interface information. |
| | Lease | Configure IPv6 DHCP lease type and interface information. |
| Device HA | Device HA Status | See the license status for Device HA Pro, and see the status of the active and passive devices. |
| | Device HA Pro | Configure Device HA Pro global settings, monitored interfaces and synchronization settings. |
| | View Log | See logs of the active and passive devices. |
| Mgmt. & Analytics | SecuManager | Enable and configure management of the Zyxel Device by a Central Network Management system. |
| | SecuReporter | Enable SecuReporter logging and access the SecuReporter security analytics portal that collects and analyzes logs from your Zyxel Device in order to identify anomalies, alert on potential internal or external threats, and report on network usage. |
| | Nebula | Use this screen to let Nebula manage your Zyxel Device. |
| System | | |
| Host Name | Host Name | Configure the system and domain name for the Zyxel Device. |
| USB Storage | Settings | Configure the settings for the connected USB devices. |
| Date/Time | Date/Time | Configure the current date, time, and time zone in the Zyxel Device. |
| Console Speed | Console Speed | Set the console speed. |
| DNS | DNS | Configure the DNS server and address records for the Zyxel Device. |
| WWW | Service Control | Configure HTTP, HTTPS, and general authentication. |
| | Login Page | Configure how the login and access user screens look. |
| SSH | SSH | Configure SSH server and SSH service settings. |
| TELNET | TELNET | Configure telnet server settings for the Zyxel Device. |
| FTP | FTP | Configure FTP server settings. |
| SNMP | SNMP | Configure SNMP communities and services. |
| Auth. Server | Auth. Server | Configure the Zyxel Device to act as a RADIUS server. |
| Notification | Mail Server | Configure a mail server with authentication to send reports and password expiration notification emails. |
| | SMS | Enable the SMS service to send dynamic guest account information in text messages and authorization for VPN tunnel access to a secured network. |
| | Response Message | Create a web page when access to a website is restricted due to a security service. |
| Language | Language | Select the Web Configurator language. |
| IPv6 | IPv6 | Enable IPv6 globally on the Zyxel Device here. |
| ZON | ZON | Use the Zyxel One Network (ZON) utility to view and manage the Zyxel Device’s neighboring devices via the Zyxel Discovery Protocol (ZDP). |
| Log & Report | | |
| Email Daily Report | Email Daily Report | Configure where and how to send daily reports and what reports to send. |
| Log Settings | Log Settings | Configure the system log, email logs, and remote syslog servers. |
Maintenance Menu
Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down the Zyxel Device.
Table 12 Maintenance Menu Screens Summary
| FOLDER OR LINK | TAB | FUNCTION |
| File Manager | Configuration File | Manage and upload configuration files for the Zyxel Device. |
| | Firmware Management | View the current firmware version and upload firmware. Reboot with your choice of firmware. |
| | Shell Script | Manage and run shell script files for the Zyxel Device. |
| Diagnostics | Diagnostics | Collect diagnostic information. This screen includes the sub-tabs below: Controller, AP, Files. |
| | Packet Capture | Capture packets for analysis. This screen includes the sub-tabs below: Capture, Capture on AP, Files, Remote Capture. |
| | CPU/Memory Status | View CPU and memory usage statistics. |
| | System Log | Connect a USB device to the Zyxel Device and archive the Zyxel Device system logs to it here. |
| | Network Tool | Identify problems with the connections. You can use Ping or Traceroute to help you identify problems. |
| | Routing Traces | Configure traceroute to identify where packets are dropped for troubleshooting. |
| | Wireless Frame Capture | Capture wireless frames from APs for analysis. |
| Packet Flow Explore | Routing Status | Check how the Zyxel Device determines where to route a packet. |
| | SNAT Status | View a clear picture on how the Zyxel Device converts a packet’s source IP address and check the related settings. |
| Shutdown/Reboot | Shutdown/Reboot | Turn off or restart the Zyxel Device. |
1.7.7 Tables and Lists
Web Configurator tables and lists are flexible with several options for how to display their entries.
Click a column heading to sort the table’s entries according to that column’s criteria.
Figure 24 Sorting Table Entries by a Column’s Criteria
Click the down arrow next to a column heading for more options about how to display the entries. The options available vary depending on the type of fields in the column. Here are some examples of what you can do:
• Sort in ascending or descending (reverse) alphabetical order
• Select which columns to display
• Group entries by field
• Show entries in groups
• Filter by mathematical operators (<, >, or =) or searching for text
Figure 25 Common Table Column Options
Select a column heading cell’s right border and drag to re-size the column.
Figure 26 Resizing a Table Column
Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location.
Figure 27 Moving Columns
Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time.
Figure 28 Navigating Pages of Table Entries
The tables have icons for working with table entries. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate.
Figure 29 Common Table Icons
Here are descriptions for the most common table icons.
Table 13 Common Table Icons
| LABEL | DESCRIPTION |
| Add | Click this to create a new entry. For features where the entry’s position in the numbered list is important (features where the Zyxel Device applies the table’s entries in order like the security policy for example), you can select an entry and click Add to create a new entry after the selected entry. |
| Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. In some tables you can just click a table entry and edit it directly in the table. For those types of tables small red triangles display for table entries with changes that you have not yet applied. |
| Remove | To remove an entry, select it and click Remove. The Zyxel Device confirms you want to remove it before doing so. |
| Activate | To turn on an entry, select it and click Activate. |
| Inactivate | To turn off an entry, select it and click Inactivate. |
| Connect | To connect an entry, select it and click Connect. |
| Disconnect | To disconnect an entry, select it and click Disconnect. |
| References | Select an entry and click References to check which settings use the entry. |
| Move | To change an entry’s position in a numbered list, select it and click Move to display a field to type a number for where you want to put that entry and press [ENTER] to move the entry to the number that you typed. For example, if you type 6, the entry you are moving becomes number 6 and the previous entry 6 (if there is one) gets pushed up (or down) one. |
Working with Lists
When a list of available entries displays next to a list of selected entries, you can often just double-click an entry to move it from one list to the other. In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list.
Figure 30 Working with Lists
CHAPTER 2

Initial Setup Wizard

2.1 Initial Setup Wizard: Select Management Mode

When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. This wizard helps you configure Internet connection settings and activate subscription services.
Note: For Zyxel Devices that already have firmware version 4.25 or later, you have to register your Zyxel Device and activate the corresponding service at myZyxel (through your Zyxel Device).
This chapter provides information on configuring the Web Configurator's Initial Setup Wizard. See the feature-specific chapters in this User’s Guide for background information.
• Click the double arrow in the upper right corner to display or hide the help.
• Click Logout to exit the Initial Setup Wizard or click Next to continue the wizard. Click Finish at the end of the wizard to complete the wizard.
Select On Premises Mode to manage your Zyxel Device using the Web Configurator or the Command Line Interface (CLI). Use this mode to secure your networks with the Zyxel Device security services. Follow the On Premises mode wizard to set up your Zyxel Device, such as configuring the WAN settings, registering your Zyxel Device and allowing remote access to your Zyxel Device.
Select Nebula Mode to manage your Zyxel Device using Nebula Control Center (NCC). NCC is a cloud based network management system that allows you to remotely manage and monitor your Zyxel Device. Use this mode to manage your Zyxel Device with accounts at different privilege levels. You can also manage your Zyxel Device licenses and status through NCC. Follow the Nebula mode wizard to configure the WAN settings to pass the management of your Zyxel Device to NCC.
Note: You need to press the reset button to change the Zyxel Device mode once you finish the wizard. You will not see this screen if you reset the Zyxel Device through the web configurator or the CLI.
Figure 31 Management Mode: On Premises Mode
2.1.1 Welcome Screen
Select On Premises Mode in the previous screen to show the Welcome screen. Use this screen to see the settings you can configure using the On Premises mode initial setup wizard.
Figure 32 On Premises Mode- Welcome
2.1.2 Internet Access Setup - WAN Interface
Use this screen to set how many WAN interfaces to configure and the first WAN interface’s type of encapsulation and method of IP address assignment.
The screens vary depending on the encapsulation type. Refer to information provided by your ISP to know what to enter in each field.
Note: Enter the Internet access information exactly as your ISP gave it to you. Leave a field blank if you don’t have that information.
I have two ISPs: Select this option to configure two Internet connections. Leave it cleared to configure just one. This option appears when you are configuring the first WAN interface.
VLAN Tagged: Select this to tag the traffic going out from the Zyxel Device. Enter a VLAN ID. This 12-bit number uniquely identifies each VLAN. Allowed values are 1-4080.
Encapsulation: Choose the Ethernet option when the WAN port is used as a regular Ethernet. Choose PPPoE, PPTP or L2TP for a dial-up connection according to the information from your ISP.
MTU: The Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the Zyxel Device divides it into smaller fragments. Allowed values are 576-1500. Usually, this value is 1500.
WAN Interface: This is the interface you are configuring for Internet access.
Zone: This is the security zone to which this interface and Internet connection belong.
IP Address Assignment: Select Auto if your ISP did not assign you a fixed IP address. Select Static if the ISP assigned a fixed IP address.
DHCP Option 60: This field will show if you choose Auto as the IP Address Assignment. DHCP Option 60 is used by the Zyxel Device for identification to the DHCP server using the VCI (Vendor Class Identifier) on the DHCP server. The Zyxel Device adds it in the initial DHCP discovery message that a DHCP client broadcasts in search of an IP address. The DHCP server can assign different IP addresses or options to clients with the specific VCI or reject the request from clients without the specific VCI.
Type a string using up to 63 of these characters [a-zA-Z0-9!\"#$%&\'()*+,-./:;<=>?@\[\\\]^_`{}] to identify this Zyxel Device to the DHCP server. For example, Zyxel-TW.
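The Option 60 behaviour described above, as an added Python example (not Zyxel code): it checks a VCI against the character set and 63-character limit given for this field, encodes it into a DHCPDISCOVER, and shows a server-side decision keyed on the VCI. The MAC address, transaction ID, pool name and the `server_decision` policy are constructed for illustration.

```python
"""DHCP Option 60 (Vendor Class Identifier): validate, encode, parse, decide."""
import re
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # start of the DHCP options field (RFC 2131)
OPT_PAD, OPT_MSG_TYPE, OPT_VCI, OPT_END = 0, 53, 60, 255
DHCPDISCOVER = 1
BOOTP_HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # fixed 236-byte header

# Character set and 63-character limit as the guide states them for this field.
# Rejecting the empty string is an assumption of this example.
VCI_RE = re.compile(r"[a-zA-Z0-9!\"#$%&'()*+,\-./:;<=>?@\[\\\]^_`{}]{1,63}")

# Constructed sample values (only the VCI "Zyxel-TW" comes from the guide).
SAMPLE_MAC = bytes.fromhex("020000000001")      # locally administered MAC
SAMPLE_POOLS = {"Zyxel-TW": "fw-mgmt-pool"}     # hypothetical server policy


def validate_vci(vci: str) -> bool:
    """True if the string is acceptable in the wizard's DHCP Option 60 field."""
    return VCI_RE.fullmatch(vci) is not None


def build_discover(mac: bytes, xid: int, vci: str) -> bytes:
    """Client side: a minimal DHCPDISCOVER carrying the VCI in option 60."""
    if len(mac) != 6:
        raise ValueError("expected a 6-byte Ethernet MAC")
    if not validate_vci(vci):
        raise ValueError("VCI violates the length/character rules")
    header = BOOTP_HEADER.pack(
        1, 1, 6, 0,                                   # BOOTREQUEST, Ethernet, hlen, hops
        xid, 0, 0x8000,                               # transaction id, secs, broadcast flag
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr, giaddr
        mac, b"", b"",                                # chaddr, sname, file (zero padded)
    )
    vci_bytes = vci.encode("ascii")
    options = (
        bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
        + bytes([OPT_VCI, len(vci_bytes)]) + vci_bytes
        + bytes([OPT_END])
    )
    return header + MAGIC_COOKIE + options


def parse_options(packet: bytes) -> dict:
    """Server side: walk the option TLVs, failing closed on malformed input."""
    start = BOOTP_HEADER.size
    if packet[start:start + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (magic cookie missing)")
    options, i = {}, start + 4
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the packet" % code)
        # RFC 3396: repeated instances of an option are concatenated.
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def server_decision(packet: bytes, pools_by_vci: dict, reject_unknown: bool = True):
    """Offer from the pool mapped to the client's VCI, or reject clients without it."""
    opts = parse_options(packet)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPDISCOVER]):
        return ("ignore", None)
    raw = opts.get(OPT_VCI)
    vci = raw.decode("ascii", errors="replace") if raw is not None else None
    if vci in pools_by_vci:
        return ("offer", pools_by_vci[vci])
    return ("reject", None) if reject_unknown else ("offer", "default")


if __name__ == "__main__":
    pkt = build_discover(SAMPLE_MAC, 0x12345678, "Zyxel-TW")
    print(parse_options(pkt)[OPT_VCI], server_decision(pkt, SAMPLE_POOLS))
```

Option 60 is sent unauthenticated and in clear text, so a VCI match classifies a client but does not prove its identity.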
Figure 33 Internet Access
2.1.3 Internet Access: Ethernet
This screen is read-only if you set the previous screen’s IP Address Assignment field to Auto. If you set the previous screen’s IP Address Assignment field to Static, use this screen to configure your IP address settings.
• VLAN ID: This displays the VLAN ID tag for the traffic going out from the Zyxel Device, which you configured in the previous screen.
Encapsulation: This displays the type of Internet connection you are configuring.
MTU: This displays the maximum size of each data packet that can move through this interface.
First WAN Interface: This is the number of the interface that will connect with your ISP.
Zone: This is the security zone to which this interface and Internet connection will belong.
IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen.
DHCP Option 60: This field will show if you selected Auto as the IP Address Assignment in the previous screen. This displays the string you configured to identify the Zyxel Device to the DHCP server using the VCI.
The following fields display if you selected static IP address assignment.
IP Subnet Mask: Enter the subnet mask for this WAN connection's IP address.
Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
First / Second DNS Server: These fields display if you selected static IP address assignment. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Zyxel Device uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server. Leave the field as 0.0.0.0 if you do not want to configure DNS servers.
2.1.3.1 Possible Errors
• Check that your cable connection is coming from the correct interface you’re using for the WAN connection on the Zyxel Device.
• Check that the interface is connected to the device you’re using for Internet access such as a broadband router and that the router is turned on. The LED of the interface you’re using for the WAN connection on the Zyxel Device should be orange.
• If your Zyxel Device was not able to obtain an IP address, check that your Internet access information uses DHCP as the WAN connection type. If it fails again, check with your Internet service provider or administrator for correct WAN settings.
• If your Zyxel Device was not able to use the IP address entered, check that you were given an IP address, subnet mask and gateway address as part of your Internet access information. Re-enter your IP address, subnet mask and gateway IP address exactly as given. If it fails again, check with your Internet service provider or administrator for correct IP address, subnet mask and gateway address and other WAN settings.
Figure 34 Internet Access: Ethernet Encapsulation
2.1.4 Internet Access: PPPoE
2.1.4.1 Internet Access - First WAN Interface
• VLAN ID: This displays the VLAN ID tag for the traffic going out from the Zyxel Device, which you configured in the previous screen.
2.1.4.2 ISP Parameters
• VLAN ID: This displays the VLAN ID tag for the traffic going out from the Zyxel Device, which you configured in the previous screen.
Encapsulation: This displays the type of Internet connection you are configuring.
MTU: This displays the maximum size of each data packet that can move through this interface.
• Type the PPPoE Service Name from your service provider. PPPoE uses a service name to identify and reach the PPPoE server. You can use alphanumeric and -_@$./ characters, and it can be up to 64 characters long.
Authentication Type - Select an authentication protocol for outgoing connection requests. Options are:
Chap/PAP - Your Zyxel Device accepts either CHAP or PAP when requested by the remote node.
Chap - Your Zyxel Device accepts CHAP only.
PAP - Your Zyxel Device accepts PAP only.
MSCHAP - Your Zyxel Device accepts MSCHAP only.
MSCHAP-V2 - Your Zyxel Device accepts MSCHAP-V2 only.
• Type the User Name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
• Type the Password associated with the user name. Use up to 64 ASCII characters except the [] and ?. This field can be blank.
• Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPPoE server.
2.1.4.3 WAN IP Address Assignments
WAN Interface: This is the name of the interface that will connect with your ISP.
Zone: This is the security zone to which this interface and Internet connection will belong.
IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen.
First / Second DNS Server: These fields display if you selected static IP address assignment. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Zyxel Device uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
2.1.4.4 Possible Errors
• Check that you’re using the correct PPPoE Service Name and Authentication Type.
• Make sure that your Internet access information uses PPPoE as the WAN connection type. Re-enter your PPPoE user name and password exactly as given. If it fails again, check with your Internet service provider or administrator for correct WAN settings and user credentials.
• If you were given an IP address and DNS server information as part of your Internet access information, re-enter them exactly as given. If it fails again, check with your Internet service provider or administrator for correct IP address, subnet mask and gateway address and other WAN settings.
Figure 35 Internet Access: PPPoE Encapsulation
2.1.5 Internet Access: PPTP
2.1.5.1 ISP Parameters
MTU: This displays the maximum size of each data packet that can move through this interface.
Authentication Type - Select an authentication protocol for outgoing calls. Options are:
Chap/PAP - Your Zyxel Device accepts either CHAP or PAP when requested by the remote node.
Chap - Your Zyxel Device accepts CHAP only.
PAP - Your Zyxel Device accepts PAP only.
MSCHAP - Your Zyxel Device accepts MSCHAP only.
MSCHAP-V2 - Your Zyxel Device accepts MSCHAP-V2 only.
• Type the User Name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
• Type the Password associated with the user name. Use up to 64 ASCII characters except the [] and ?. This field can be blank. Re-type your password in the next field to confirm it.
• Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPTP server.
2.1.5.2 PPTP Configuration
Base Interface: This identifies the Ethernet interface you configure to connect with a modem or router.
• Type a Base IP Address (static) assigned to you by your ISP.
• Type the IP Subnet Mask assigned to you by your ISP (if given).
Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
Server IP: Type the IP address of the PPTP server.
• Type a Connection ID or connection name. It must follow the “c:id” and “n:name” format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your broadband modem or router. You can use alphanumeric and -_: characters, and it can be up to 31 characters long.
2.1.5.3 WAN IP Address Assignments
First WAN Interface: This is the connection type on the interface you are configuring to connect with your ISP.
Zone: This is the security zone to which this interface and Internet connection will belong.
IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen.
First / Second DNS Server: These fields display if you selected static IP address assignment. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Zyxel Device uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server. Leave the field as 0.0.0.0 if you do not want to configure DNS servers.
2.1.5.4 Possible Errors
• Check that you’re using the correct PPTP Server IP, Base IP Address, IP Subnet Mask, Gateway IP Address, Connection ID and Authentication Type.
• Make sure that your Internet access information uses PPTP as the WAN connection type. Re-enter your PPTP user name and password exactly as given. If it fails again, check with your Internet service provider or administrator for correct WAN settings and user credentials.
• If you were given an IP address and DNS server information as part of your Internet access information, re-enter them exactly as given. If it fails again, check with your Internet service provider or administrator for correct IP address, subnet mask and gateway address and other WAN settings.
Figure 36 Internet Access: PPTP Encapsulation
2.1.6 Internet Access: L2TP
2.1.6.1 ISP Parameters
Authentication Type - Select an authentication protocol for outgoing connection requests. Options are:
Chap/PAP - Your Zyxel Device accepts either CHAP or PAP when requested by the remote node.
Chap - Your Zyxel Device accepts CHAP only.
PAP - Your Zyxel Device accepts PAP only.
MSCHAP - Your Zyxel Device accepts MSCHAP only.
MSCHAP-V2 - Your Zyxel Device accepts MSCHAP-V2 only.
• Type the User Name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
• Type the Password associated with the user name. Use up to 64 ASCII characters except the [] and ?. This field can be blank.
• Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the L2TP server.
2.1.6.2 L2TP Configuration
Base Interface: This identifies the Ethernet interface you configure to connect with a modem or router.
• Type a Base IP Address (static) assigned to you by your ISP.
IP Subnet Mask: Enter the subnet mask for this WAN connection's IP address.
Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
Server IP: Type the IP address of the L2TP server.
2.1.6.3 WAN IP Address Assignments
WAN Interface: This is the name of the interface that will connect with your ISP.
Zone: This is the security zone to which this interface and Internet connection will belong.
IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen.
First / Second DNS Server: These fields display if you selected static IP address assignment. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Zyxel Device uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server. Leave the field as 0.0.0.0 if you do not want to configure DNS servers.
2.1.6.4 Possible Errors
• Check that you’re using the correct L2TP Server IP, Subnet Mask, Gateway IP Address, IP Subnet Mask and Authentication Type.
• Make sure that your Internet access information uses L2TP as the WAN connection type. Re-enter your L2TP user name and password exactly as given. If it fails again, check with your Internet service provider or administrator for correct WAN settings and user credentials.
• If you were given an IP address and DNS server information as part of your Internet access information, re-enter them exactly as given. If it fails again, check with your Internet service provider or administrator for correct IP address, subnet mask and gateway address and other WAN settings.
Figure 37 Internet Access: L2TP Encapsulation
2.1.7 Internet Access Setup - Second WAN Interface
If you selected I have two ISPs, after you configure the First WAN Interface, you can configure the Second WAN Interface. The screens for configuring the second WAN interface are similar to the first (see Section 2.1.2 on page 67).
Figure 38 Internet Access: Step 3: Second WAN Interface
2.1.8 Internet Access: Congratulations
You have set up your Zyxel Device to access the Internet. A screen displays with your settings. Click Connection Test to check that you can access the Internet. If you cannot, click Back and confirm that you entered the settings correctly. If you have, check that you got the correct settings from your ISP or network administrator.
Figure 39 Internet Access: Summary
2.1.9 Date and Time Settings
It’s important to have correct date and time values in the logs. The Zyxel Device can automatically update the time and date by detecting your time zone and whether Daylight Savings is in effect in that time zone.
If your Zyxel Device cannot get the correct date and time, it may not be able to connect to a time server. Check that the Zyxel Device has Internet access, then click Sync. Now.
Figure 40 Date and Time Settings
2.1.10 Register Device
Click the Register button in this screen to register your device at portal.myzyxel.com.
Note: The Zyxel Device must be connected to the Internet in order to register.
Figure 41 Register Device
You may need the Zyxel Device’s serial number and LAN MAC address to register it at myZyxel if you have not already done so. Refer to the label at the back of the Zyxel Device for details.
Figure 42 myZyxel Login
Click Refresh or use the Configuration > Licensing > Registration screen to update your Zyxel Device registration status. Please note that you cannot change to Nebula Mode once you click Next unless you reset the Zyxel Device.
Figure 43 Registered Device
2.1.11 Activate Service
After you register your Zyxel Device, you can register for the services supported by your model. See Subscription Services Available on page 252 for more information on the subscription services for the two types of security packs.
Here are the services available for the Zyxel Device.
• Web Filtering (CF): access a database that can block websites by category.
• IPS (IDP): use this feature to detect Intrusion Detection and Prevention attacks.
• Application Patrol: use signatures for Application Patrol inspection to manage the use of various applications on the network.
• Anti-Malware: use signatures to detect malware patterns in files.
• Email Security (Anti-Spam): use anti-spam signatures to mark or discard spam (unsolicited commercial or junk email).
• SecuReporter: collect and analyze logs from your Zyxel Device in order to identify anomalies, notify you of potential internal or external threats, and report on network usage.
Figure 44 USG FLEX 500 Activate Service
Click Refresh and wait a few moments for the registration information to update in this screen. If the page does not refresh, make sure the Internet connection is working and click Refresh again. To check your Internet connection, try to access the Internet from a computer connected to a LAN port on the Zyxel Device. If you cannot, then check your Internet access settings on the Zyxel Device.
2.1.12 Service Settings
You can enable or disable the following features in this screen. This screen varies depending on the security pack that you purchase. See Subscription Services Available on page 252 for more information on the subscription services for the two types of security packs.
Note: Select the I have read SecuReporter GDPR and agree policy check box to have SecuReporter collect and analyze logs from this Zyxel Device. This check box won’t appear again if you have already selected this before.
• : Use this feature to detect and block access to specific URLs, by comparing URL addresses of sites that users attempt to access with a database of either permitted or blocked sites.
Anti-Malware: Use this feature to detect malware patterns in files.
IDP: Use this feature to detect Intrusion Detection and Prevention attacks.
Content Filter: Use this feature to access a database that can block websites by category.
App Patrol: Use this feature to manage the use of various applications on the network.
Email Security: Use this feature to mark or discard spam (unsolicited commercial or junk email).
SecuReporter: Use this feature to collect and analyze logs from your Zyxel Device in order to identify anomalies, notify you of potential internal or external threats, and report on network usage.
Figure 45 USG FLEX Service Settings
2.1.13 Service Settings: SecuReporter
Use this screen to add the Zyxel Device to a new or existing organization, and choose the level of data protection for traffic going through this Zyxel Device.
Server Status: This is the connection status between the Zyxel Device and the SecuReporter server. This field shows Connected when the Zyxel Device can synchronize with the SecuReporter server. This field shows Timeout when the Zyxel Device can’t synchronize with the SecuReporter server. This field shows Fail when the connection between the Zyxel Device and the SecuReporter server is down.
Device Name: Enter the name of the Zyxel Device. This Zyxel Device will be added to a new or existing organization.
Organization: This field appears if you haven’t created an organization in the SecuReporter server. Type a name of up to 255 characters and description to create a new organization.
Select from existing organization: Select an existing organization from the drop-down list box to add the Zyxel Device to the selected organization.
Create new organization: Type a name of up to 255 characters and description to create a new organization.
Partially Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be replaced with artificial identifiers in downloaded logs.
Fully Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be replaced with anonymized information in downloaded logs.
Non-Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be identifiable in downloaded logs.
Figure 46 SecuReporter Settings
The following screen appears when the Zyxel Device is already added in an organization.
Figure 47 SecuReporter Settings
2.1.14 Wireless Settings: Management Mode
The Management Mode screen appears for Zyxel Devices that have a built-in AP. Select Built-in AP if you want WiFi clients to access your Zyxel Device wirelessly. Select AP Controller to allow the Zyxel Device to manage APs in the same network as the Zyxel Device. Both modes cannot work simultaneously. Click Next to continue the wizard.
Figure 48 Wireless Setup Wizard > Management Mode (Models with Built-in AP)
2.1.15 Wireless Settings: AP Controller
The Zyxel Device can act as an AP Controller that can manage APs in the same network as the Zyxel Device. Select Yes if you want your Zyxel Device to manage APs in your network; otherwise select No.
Figure 49 Wireless Setup Wizard > Management Mode
2.1.16 Wireless Settings: SSID & Security
Configure SSID and wireless security in this screen.
SSID Setting
SSID - Enter a descriptive name of up to 32 printable characters for the wireless LAN.
Security Mode - Select Pre-Shared Key to add security on this wireless network. Otherwise, select None to allow any wireless client to associate with this network without authentication.
Pre-Shared Key - Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including spaces and symbols) or 64 hexadecimal characters.
Hidden SSID - Select this option if you want to hide the SSID in the outgoing beacon frame. A wireless client then cannot obtain the SSID through scanning using a site survey tool.
Enable Intra-BSS Traffic Blocking - Select this option if you want to prevent crossover traffic from within the same SSID. Wireless clients can still access the wired network but cannot communicate with each other.
For Zyxel Devices with Built-in AP Only
Bridged to: Zyxel Devices with W in the model name have a built-in AP. Select an interface to bridge with the built-in AP wireless network. Devices connected to this interface will then be in the same broadcast domain as devices in the AP wireless network.
Figure 50 Wireless Settings: SSID & Security
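The Pre-Shared Key rule above (8 to 63 ASCII characters, or 64 hexadecimal characters) matches the two forms a WPA2-Personal key can take. The following added example, which is not from the Zyxel guide, assumes the Pre-Shared Key mode is WPA2-Personal (the wizard text does not name the protocol) and shows how each form becomes the 256-bit key, together with a pre-deployment review of the SSID and key; the function names and `MIN_PASSPHRASE_LEN` are this example's own choices.

```python
import hashlib
import re

PRINTABLE = {chr(c) for c in range(0x20, 0x7F)}  # ASCII space through '~'
HEX64 = re.compile(r"[0-9A-Fa-f]{64}")
MIN_PASSPHRASE_LEN = 16  # this example's policy threshold, not a value from the guide


def classify_psk(psk):
    """Return 'hex' or 'passphrase' per the wizard's rule; raise ValueError otherwise."""
    if HEX64.fullmatch(psk):
        return "hex"
    if 8 <= len(psk) <= 63 and set(psk) <= PRINTABLE:
        return "passphrase"
    raise ValueError("key must be 8-63 ASCII characters or 64 hexadecimal characters")


def derive_pmk(ssid, psk):
    """Return the 32-byte WPA2-Personal pairwise master key for this SSID and key."""
    if classify_psk(psk) == "hex":
        # 64 hex digits are the raw 256-bit key; the SSID plays no part.
        return bytes.fromhex(psk)
    # A passphrase is stretched with PBKDF2-HMAC-SHA1, salted with the SSID,
    # 4096 iterations, 256-bit output (the IEEE 802.11i passphrase mapping).
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def review_wlan(ssid, security_mode, psk=""):
    """Return a list of findings for one planned SSID & Security screen."""
    findings = []
    if not 1 <= len(ssid) <= 32 or not set(ssid) <= PRINTABLE:
        findings.append("SSID must be up to 32 printable characters")
    if security_mode == "None":
        findings.append("Security Mode None: any client can associate without authentication")
        return findings
    try:
        kind = classify_psk(psk)
    except ValueError as exc:
        findings.append(str(exc))
        return findings
    if kind == "passphrase":
        # The SSID is the only salt, so a short or guessable passphrase on a
        # common SSID gives little protection against offline guessing.
        if len(psk) < MIN_PASSPHRASE_LEN:
            findings.append(f"passphrase shorter than {MIN_PASSPHRASE_LEN} characters")
        if psk.isdigit():
            findings.append("passphrase is digits only")
        if ssid and ssid.lower() in psk.lower():
            findings.append("passphrase contains the SSID")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    for ssid, mode, key in [("Office", "Pre-Shared Key", "office2023"),
                            ("Office", "Pre-Shared Key", "correct horse battery staple 42"),
                            ("Guest", "None", "")]:
        print(ssid, mode, review_wlan(ssid, mode, key))
    print(derive_pmk("IEEE", "password").hex())
```

Because a 64-character string made only of hex digits is taken as the raw key, a passphrase generator for this field should stay at 63 characters or fewer.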
2.1.17 Remote Management
Configure settings in this screen to add a rule that has priority over other rules in Policy Control. It restricts access to the web configurator and SSL VPN service from the Internet.
Figure 51 Remote Management
• Enable Allow secure remote management from WAN to create a rule in the Policy Control screen. It allows you to access the Zyxel Device from the WAN using HTTPS.
• Enable Restrict access only to trusted host to have the Zyxel Device allow access only from the IP addresses or FQDNs specified in the fields below.
• Enable Allow SSL VPN access from WAN to allow access to the Zyxel Device remotely through the SSL VPN tunnel.
• Enable Restrict access by GeoIP to have the Zyxel Device allow access only from countries specified in the fields below.
Figure 52 Object > Service > Service Group - HTTPS
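One way to review planned Remote Management settings before running the wizard, as an added example that is not part of the Zyxel guide. The dictionary keys are hypothetical names for the four check boxes above plus a flag for whether the default admin password was changed, and the sample records are constructed.

```python
import ipaddress
import re

FQDN_RE = re.compile(
    r"(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")

# Ranges that do not normally appear as a source address on the Internet side.
NOT_INTERNET_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def check_trusted_host(entry):
    """Return (severity, message) for a questionable trusted-host entry, else None."""
    try:
        addr = ipaddress.ip_address(entry)
    except ValueError:
        if FQDN_RE.fullmatch(entry):
            return ("info", f"{entry}: FQDN entry, access depends on what DNS returns for it")
        return ("error", f"{entry!r} is neither an IP address nor an FQDN")
    if any(addr in net for net in NOT_INTERNET_SOURCES):
        return ("error", f"{entry} is not a public address, so it will not match WAN traffic")
    return None


def review_remote_management(cfg):
    """Return a list of (severity, message) findings for one planned configuration."""
    findings = []
    exposed = [name for key, name in (("allow_https_from_wan", "web configurator (HTTPS)"),
                                      ("allow_sslvpn_from_wan", "SSL VPN")) if cfg.get(key)]
    if not exposed:
        return findings  # nothing is offered to the WAN side
    services = " and ".join(exposed)
    by_host = cfg.get("restrict_trusted_host", False)
    by_geo = cfg.get("restrict_geoip", False)
    if not by_host and not by_geo:
        findings.append(("high", f"{services} reachable from any Internet address"))
    elif not by_host:
        findings.append(("medium", f"{services} limited by country only, not by trusted host"))
    if by_host:
        hosts = cfg.get("trusted_hosts", [])
        if not hosts:
            findings.append(("error", "trusted-host restriction enabled but no host listed"))
        for entry in hosts:
            result = check_trusted_host(entry)
            if result:
                findings.append(result)
    if by_geo and not cfg.get("geoip_countries"):
        findings.append(("error", "GeoIP restriction enabled but no country listed"))
    if not cfg.get("admin_password_changed", False):
        findings.append(("high", "default admin password still set while WAN access is enabled"))
    return findings


# Constructed sample records (documentation-range addresses, hypothetical names).
SAMPLE_OPEN = {"allow_https_from_wan": True, "restrict_trusted_host": False,
               "allow_sslvpn_from_wan": False, "restrict_geoip": False,
               "admin_password_changed": False}
SAMPLE_RESTRICTED = {"allow_https_from_wan": True, "restrict_trusted_host": True,
                     "trusted_hosts": ["198.51.100.7", "192.168.1.33",
                                       "vpn.example.com", "not a host"],
                     "allow_sslvpn_from_wan": True, "restrict_geoip": True,
                     "geoip_countries": [], "admin_password_changed": True}

if __name__ == "__main__":
    for name, cfg in (("open", SAMPLE_OPEN), ("restricted", SAMPLE_RESTRICTED)):
        for severity, message in review_remote_management(cfg):
            print(f"{name}: [{severity}] {message}")
```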

2.2 Nebula Mode Initial Setup Wizard

Select Nebula Mode to manage and monitor your Zyxel Device remotely. Follow the wizard to configure the WAN settings to pass the management of your Zyxel Device to NCC.
Figure 53 Management Mode: Nebula Mode
2.2.1 Connect to Internet (WAN)
Configure the WAN interface that the Zyxel Device will use to connect to Nebula through the Internet.
Use this screen to set how many WAN interfaces to configure and the first WAN interface’s type of encapsulation and method of IP address assignment.
The screens vary depending on the encapsulation type. Refer to information provided by your ISP to know what to enter in each field.
Note: Enter the Internet access information exactly as your ISP gave it to you. Leave a field blank if you don’t have that information.
I have two ISPs: Select this option to configure two Internet connections. Leave it cleared to configure just one. This option appears when you are configuring the first WAN interface.
VLAN Tagged: Select this to tag the traffic going out from the Zyxel Device. Enter a VLAN ID. This 12-bit number uniquely identifies each VLAN. Allowed values are 1-4080.
Encapsulation: Choose the Ethernet option when the WAN port is used as a regular Ethernet. Choose PPPoE for a dial-up connection according to the information from your ISP.
MTU: The Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the Zyxel Device divides it into smaller fragments. Allowed values are 576-1500. Usually, this value is 1500.
WAN Interface: This is the interface you are configuring for Internet access.
IP Address Assignment: Select Auto if your ISP did not assign you a fixed IP address. Select Static if the ISP assigned a fixed IP address.
DHCP Option 60: This field will show if you choose Auto as the IP Address Assignment. DHCP Option 60 is used by the Zyxel Device for identification to the DHCP server using the VCI (Vendor Class Identifier) on the DHCP server. The Zyxel Device adds it in the initial DHCP discovery message that a DHCP client broadcasts in search of an IP address. The DHCP server can assign different IP addresses or options to clients with the specific VCI or reject the request from clients without the specific VCI.
Type a string using up to 63 of these characters [a-zA-Z0-9!\"#$%&\'()*+,-./:;<=>?@\[\\\]^_`{}] to identify this Zyxel Device to the DHCP server. For example, Zyxel-TW.
Figure 54 Internet Access
2.2.2 Internet Access: Ethernet
This screen is read-only if you set the previous screen’s IP Address Assignment field to Auto. If you set the previous screen’s IP Address Assignment field to Static, use this screen to configure your IP address settings.
• VLAN ID: This displays the VLAN ID tag for the traffic going out from the Zyxel Device, which you configured in the previous screen.
Encapsulation: This displays the type of Internet connection you are configuring.
MTU: This displays the maximum size of each data packet that can move through this interface.
First WAN Interface: This is the number of the interface that will connect with your ISP.
IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen.
DHCP Option 60: This field will show if you selected Auto as the IP Address Assignment in the previous screen. This displays the string you configured to identify this Zyxel Device to the DHCP server using VCI.
The following fields display if you selected static IP address assignment.
IP Subnet Mask: Enter the subnet mask for this WAN connection's IP address.
Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
First / Second DNS Server: These fields display if you selected static IP address assignment. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Zyxel Device uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
2.2.2.1 Possible Errors
• Check that your cable connection is coming from the correct interface you’re using for the WAN connection on the Zyxel Device.
• Check that the interface is connected to the device you’re using for Internet access such as a broadband router and that the router is turned on. The LED of the interface you’re using for the WAN connection on the Zyxel Device should be orange.
• If your Zyxel Device was not able to obtain an IP address, check that your Internet access information uses DHCP as the WAN connection type. If it fails again, check with your Internet service provider or administrator for correct WAN settings.
• If your Zyxel Device was not able to use the IP address entered, check that you were given an IP address, subnet mask and gateway address as part of your Internet access information. Re-enter your IP address, subnet mask and gateway IP address exactly as given. If it fails again, check with your Internet service provider or administrator for correct IP address, subnet mask and gateway address and other WAN settings.
Figure 55 Internet Access: Ethernet Encapsulation
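The errors listed above mostly come from mistyped values, so the WAN settings can be checked before they are entered. The following added example is not part of the Zyxel guide: it applies the ranges and the DHCP Option 60 character set stated in Sections 2.2.1 and 2.2.2 to a planned record, and also checks that a static gateway lies in the interface's subnet (the usual case for Ethernet, and an assumption of this example). The dictionary keys are hypothetical and the sample records are constructed.

```python
import ipaddress
import string

# Character set the guide lists for the DHCP Option 60 (VCI) string.
OPTION60_CHARS = set(string.ascii_letters + string.digits
                     + "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{}")


def check_wan_settings(cfg):
    """Return a list of problems found in one planned WAN interface record."""
    problems = []

    vlan = cfg.get("vlan_id")  # None means VLAN Tagged is not selected
    if vlan is not None and not 1 <= vlan <= 4080:
        problems.append(f"VLAN ID {vlan} is outside 1-4080")

    mtu = cfg.get("mtu", 1500)
    if not 576 <= mtu <= 1500:
        problems.append(f"MTU {mtu} is outside 576-1500")

    if cfg["assignment"] == "auto":
        vci = cfg.get("dhcp_option_60", "")
        if len(vci) > 63:
            problems.append("DHCP Option 60 string is longer than 63 characters")
        bad = sorted(set(vci) - OPTION60_CHARS)
        if bad:
            problems.append(f"DHCP Option 60 contains unsupported characters: {bad}")
        return problems

    # Static assignment: IP address, subnet mask and gateway must agree.
    try:
        iface = ipaddress.IPv4Interface(f"{cfg['ip']}/{cfg['mask']}")
        gateway = ipaddress.IPv4Address(cfg["gateway"])
    except (KeyError, ValueError) as exc:
        problems.append(f"static addressing incomplete or malformed: {exc}")
        return problems
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    if gateway == iface.ip:
        problems.append("gateway equals the interface's own IP address")
    elif gateway not in net:
        problems.append(f"gateway {gateway} is not inside {net}")

    # 0.0.0.0 is how the wizard marks a DNS field as not configured.
    dns = [d for d in cfg.get("dns", []) if d != "0.0.0.0"]
    for server in dns:
        try:
            ipaddress.IPv4Address(server)
        except ValueError:
            problems.append(f"DNS server {server!r} is not an IPv4 address")
    if not dns:
        problems.append("no DNS server set: names for VPN, DDNS and the time server "
                        "will not resolve")
    return problems


# Constructed sample records using documentation-range addresses.
SAMPLE_STATIC_OK = {"assignment": "static", "vlan_id": 100, "mtu": 1500,
                    "ip": "192.0.2.10", "mask": "255.255.255.0",
                    "gateway": "192.0.2.1", "dns": ["192.0.2.53", "0.0.0.0"]}
SAMPLE_STATIC_TYPO = {"assignment": "static", "vlan_id": 4094, "mtu": 1600,
                      "ip": "192.0.2.10", "mask": "255.255.255.0",
                      "gateway": "192.0.3.1", "dns": ["0.0.0.0", "0.0.0.0"]}
SAMPLE_AUTO = {"assignment": "auto", "dhcp_option_60": "Zyxel TW"}

if __name__ == "__main__":
    for cfg in (SAMPLE_STATIC_OK, SAMPLE_STATIC_TYPO, SAMPLE_AUTO):
        print(check_wan_settings(cfg) or "no problems found")
```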
2.2.3 Internet Access: PPPoE
Internet Access - First WAN Interface
• VLAN ID: This displays the VLAN ID tag for the traffic going out from the Zyxel Device, which you configured in the previous screen.
ISP Parameters
Encapsulation: This displays the type of Internet connection you are configuring.
MTU: This displays the maximum size of each data packet that can move through this interface.
• Type the PPPoE Service Name from your service provider. PPPoE uses a service name to identify and reach the PPPoE server. You can use alphanumeric and -_@$./ characters, and it can be up to 64 characters long.
Authentication Type - Select an authentication protocol for outgoing connection requests. Options are:
Chap/PAP - Your Zyxel Device accepts either CHAP or PAP when requested by the remote node.
Chap - Your Zyxel Device accepts CHAP only.
PAP - Your Zyxel Device accepts PAP only.
MSCHAP - Your Zyxel Device accepts MSCHAP only.
MSCHAP-V2 - Your Zyxel Device accepts MSCHAP-V2 only.
• Type the User Name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
• Type the Password associated with the user name. Use up to 64 ASCII characters except the [] and ?. This field can be blank.
IP Address Assignments
WAN Interface: This is the name of the interface that will connect with your ISP.
IP Address: This displays Auto as the IP Address Assignment is set to Auto in the previous screen.
The following fields display if you selected static IP address assignment.
IP Subnet Mask: Enter the subnet mask for this WAN connection's IP address.
Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
First / Second DNS Server: These fields display if you selected static IP address assignment. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Zyxel Device uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
2.2.3.1 Possible Errors
• Make sure that your Internet access information uses PPPoE as the WAN connection type. Re-enter your PPPoE user name and password exactly as given. If it fails again, check with your Internet service provider or administrator for correct WAN settings and user credentials.
Figure 56 Internet Access: PPPoE Encapsulation
2.2.4 Internet Access: Congratulations
You have set up your Zyxel Device to access the Internet. A screen displays with your settings. Click Connection Test to check that you can access the Internet. If you cannot, click Back and confirm that you entered the settings correctly. If you have, check that you got the correct settings from your ISP or network administrator.
Click Next to go to the next screen to finish the Nebula mode wizard. Please note that you cannot change to On Premises Mode once you click Next unless you reset the Zyxel Device.
If you cannot access Nebula through the Internet after you leave this screen, log in to the Zyxel Device using the support account. Use the Local GUI web configurator for troubleshooting.
Figure 57 Internet Access: Summary
2.2.5 QR Code
Click the link to go to Nebula. Follow the steps in this screen to run the Nebula setup wizard.
Create an organization and a site. Add the Zyxel Device to this site by entering its MAC address and serial number. Select Native Mode when you’re given a choice. Click Finish to close the wizard.
Figure 58 Go to Nebula
If you see this screen right after you select Nebula Mode, click the link or the Go to Nebula button to go to Nebula directly. Follow the steps in this screen to run the Nebula setup wizard.
Configure the WAN interface that the Zyxel Device will use to connect to Nebula through the Internet on the Nebula setup wizard. Configure an email address to receive the activation link. Follow the steps in the email to allow automatic management of the Zyxel Device by Nebula (ZTP). Click Back to go back to the management mode selection screen.
Figure 59 Go to Nebula
CHAPTER 3
Hardware, Interfaces and Zones

3.1 Hardware Overview

This section describes the front and rear panels for each model.
Note: Your Zyxel Device may not support SFP if its hardware version is HW:Rev 2.0. Please check your Zyxel Device label.
The following table summarizes the port features of the Zyxel Device by model.
Table 14 USG FLEX Series Port Comparison Table
| USG FLEX MODELS | USG FLEX 100 | USG FLEX 100W | USG FLEX 200 | USG FLEX 500 | USG FLEX 700 |
| --- | --- | --- | --- | --- | --- |
| USB 3.0 Ports | 1 | 1 | 2 | 2 | 2 |
| 1 Gbps SFP interface | 1 | 1 | 1 | 1 | 2 |
| 10/100/1000 Mbps Ethernet WAN Ports | 1 | 1 | 2 | | |
| 10/100/1000 Mbps Ethernet Ports | 4 | 4 | 4 | 7 | 12 |
| Console Port | 1 (RJ45) | 1 (RJ45) | 1 (DB9) | 1 (DB9) | 1 (DB9) |

For information on interface names by model, default port or interface name mapping, and default interface or zone mapping please see Section 3.3 on page 100.
3.1.1 Front Panels
The LED indicators are located on the front panel.
Figure 60 USG FLEX 100 Front Panel
Figure 61 USG FLEX 100W Front Panel
Figure 62 USG FLEX 200 Front Panel
Figure 63 USG FLEX 500 Front Panel
Figure 64 USG FLEX 700 Front Panel
The following table describes the front panel LEDs.
Table 15 LED Descriptions
| LED | COLOR | STATUS | DESCRIPTION |
| --- | --- | --- | --- |
| PWR | | Off | The Zyxel Device is turned off. |
| PWR | Green | On | The Zyxel Device is turned on. |
| PWR | Red | On | There is a hardware component failure. Shut down the device, wait for a few minutes and then restart the device. If the LED turns red again, then please contact your vendor. |
| SYS | Green | Off | The Zyxel Device is not ready or has failed. |
| SYS | Green | On | The Zyxel Device is ready and running. |
| SYS | Green | Blinking | The Zyxel Device is booting. |
| SYS | Red | On | The Zyxel Device has an error or has failed. |
| 2.4G | Green | Off | The 2.4G wireless interface is off. |
| 2.4G | Green | On | The 2.4G wireless interface is ready. |
| 2.4G | Green | Blinking | The 2.4G wireless connection is active. |
| 5G | Green | Off | The 5G wireless interface is off. |
| 5G | Green | On | The 5G wireless interface is ready. |
| 5G | Green | Blinking | The 5G wireless connection is active. |
| P1 (SFP) LINK | Yellow | Off | There is no connection on this port. |
| P1 (SFP) LINK | Yellow | On | This port has a successful 1000 Mbps link. |
| P1 (SFP) LINK | Green | Off | There is no connection on this port. |
| P1 (SFP) LINK | Green | On | This port has a successful 100 Mbps link. |
| P1 (SFP) ACT | Green | Off | There is no traffic on this port. |
| P1 (SFP) ACT | Green | Blinking | The Zyxel Device is sending or receiving packets on this port at 100/1000 Mbps. |
| P2, P3... (WAN/LAN/DMZ) | Yellow | Off | There is no connection on this port. |
| P2, P3... (WAN/LAN/DMZ) | Yellow | On | This port has a successful 1000 Mbps link. |
| P2, P3... (WAN/LAN/DMZ) | Yellow | Blinking | The Zyxel Device is sending or receiving packets on this port at 1000 Mbps. |
| P2, P3... (WAN/LAN/DMZ) | Green | Off | There is no connection on this port. |
| P2, P3... (WAN/LAN/DMZ) | Green | On | This port has a successful 10/100 Mbps link. |
| P2, P3... (WAN/LAN/DMZ) | Green | Blinking | The Zyxel Device is sending or receiving packets on this port at 10/100 Mbps. |
The following table describes the ports on the front panel.
Table 16 Front Panel Ports
| LABEL | DESCRIPTION |
| --- | --- |
| RESET | Press the button in for about 5 seconds (or until the SYS LED starts to blink), then release it to return the Zyxel Device to the factory defaults (password is 1234, LAN IP address 192.168.1.1 and so on). |
| CONSOLE | You can use the console port to manage the Zyxel Device using CLI commands. You will be prompted to enter your user name and password. See the Command Reference Guide for more information about the CLI. When configuring using the console port, you need a computer equipped with communications software configured to the following parameters: Speed 115200 bps; Data Bits 8; Parity None; Stop Bit 1; Flow Control Off. |
| USB | Connect a storage device for system logs (see Maintenance > Diagnostics > System Log) and storage (see Configuration > System > USB Storage). |
| P2-P7 (USG FLEX 200), P2-P8 (USG FLEX 500), P1-P12 (USG FLEX 700) | These are 1G RJ-45 Ethernet ports. |
3.1.2 Rear Panels
The connection ports are located on the rear panel.
Figure 65 USG FLEX 100 Rear Panel
Figure 66 USG FLEX 100W Rear Panel
Figure 67 USG FLEX 200 Rear Panel
Figure 68 USG FLEX 500 Rear Panel
Figure 69 USG FLEX 700 Rear Panel
Note: Make sure you connect the Zyxel Device's power cord to a socket-outlet with an earthing connection or its equivalent.
The following table describes the items on the rear panel.
Table 17 Rear Panel Items
| LABEL | DESCRIPTION |
| --- | --- |
| Console | You can use the console port to manage the Zyxel Device using CLI commands. You will be prompted to enter your user name and password. See the Command Reference Guide for more information about the CLI. When configuring using the console port, you need a computer equipped with communications software configured to the following parameters: Speed 115200 bps; Data Bits 8; Parity None; Stop Bit 1; Flow Control Off. |
| Power | Use the included power cord to connect the power socket to a power outlet. Turn the power switch on if your Zyxel Device has a power switch. |
| Lock | Attach a lock-and-cable from the Kensington lock (the small, metal-reinforced, oval hole) to a permanent object, such as a pole, to secure the Zyxel Device in place. |
| Fan | The fans are for cooling the Zyxel Device. Make sure they are not obstructed to allow maximum ventilation. |

Note: Use an 8-wire Ethernet cable to run your Gigabit Ethernet connection at 1000 Mbps. Using a 4-wire Ethernet cable limits your connection to 100 Mbps. Note that the connection speed also depends on what the Ethernet device at the other end can support.

3.2 Installation Scenarios

The Zyxel Device can be:
• Placed on a desktop.
• Mounted on a wall.
• Rack-mounted on a standard EIA rack.
The following table summarizes the installation scenarios of the Zyxel Device by model.
Table 18 USG FLEX Series Installation Comparison Table
USG FLEX MODELS USG FLEX 100 USG FLEX 100W USG FLEX 200 USG FLEX 500 USG FLEX 700
Rubber feet for desktop placement Yes Yes Yes Yes Yes
Wall Mounting Yes Yes Yes No No
Rack Mounting No No No Yes Yes
WARNING! Do NOT block the ventilation holes on the Zyxel Device. Allow 100 mm clearance for the ventilation holes to prevent your Zyxel Device from overheating. Do not store things on the Zyxel Device. Do not place a Zyxel Device on another high temperature device. Overheating could affect the performance of your Zyxel Device, or even damage it.
3.2.1 Desktop Installation Procedure
1 Make sure the Zyxel Device is clean and dry.
2 Remove the adhesive backing from the rubber feet.
3 Attach the rubber feet to each corner on the bottom of the Zyxel Device. These rubber feet help
protect the Zyxel Device from shock or vibration, and allow air circulation.
Figure 70 Attaching Rubber Feet
4 Set the Zyxel Device on a smooth, level surface strong enough to support the weight of the Zyxel Device
and the connected cables. Make sure there is a power outlet nearby.
Note: Make sure to use the rubber feet when stacking the Zyxel Devices on a desk.
3.2.2 Rack-mounting
Use the following steps to mount the Zyxel Device on an EIA standard size, 19-inch rack or in a wiring closet with other equipment using a rack-mounting kit. Make sure the rack will safely support the combined weight of all the equipment it contains and that the position of the ZyWALL does not make the rack unstable or top-heavy. Take all necessary precautions to anchor the rack securely before installing the unit.
Use a #2 Phillips screwdriver to install the screws.
Note: Failure to use the proper screws may damage the unit.
1 Align one bracket with the holes on one side of the Zyxel Device and secure it with the included bracket
screws (smaller than the rack-mounting screws).
2 Attach the other bracket in a similar fashion.
Figure 71 Attach Brackets
3 After attaching both mounting brackets, position the Zyxel Device in the rack and match up the bracket
holes with the rack holes. Secure the Zyxel Device to the rack with the rack-mounting screws.
Figure 72 Mount on Rack
Note: Make sure there is at least 100 mm of clearance at the sides and 100 mm in the rear to
allow air circulation and the attachment of cables and the power cord. When stacking in a rack, make sure there is at least 40 mm of clearance between Zyxel Devices.
3.2.3 Wall-mounting
Do the following to attach your Zyxel Device to a wall.
The following table lists the distance “X” between mounting holes for each model:
Table 19 Distance “X” Between FLEX Mounting Holes
MODEL NAME DISTANCE “X”
USG FLEX 100 174 mm (6.85”)
USG FLEX 100W 174 mm (6.85”)
USG FLEX 200 206 mm (8.11”)
1 Drill into a wall two holes 3 mm – 4 mm (0.12" – 0.16") wide, 20 mm – 30 mm (0.79” – 1.18”) deep and a
distance X (see the preceding table) apart. Place two screw anchors in the holes.
Figure 73 Wall Mounting Screw Specifications
2 Screw two screws with 6 mm – 8 mm (0.24" – 0.31") wide heads into the screw anchors. Do not screw the
screws all the way into the wall; leave a small gap between the head of the screw and the wall.
The gap must be big enough for the screw heads to slide into the screw slots and the connection cables to run down the back of the Zyxel Device.
Note: Make sure the screws are securely fixed to the wall and strong enough to hold the
weight of the Zyxel Device with the connection cables.
3 Use the holes on the bottom of the Zyxel Device to hang the Zyxel Device on the screws.
Figure 74 Wall Mounting
Note: Wall-mount the Zyxel Device horizontally. The Zyxel Device's side panels with ventilation
slots should not be facing up or down as this position is less safe.
Make sure there is 100 mm of clearance at the sides and 1 – 1.5 mm distance between the screw head and the wall to allow air circulation and the attachment of cables and the power cord.

3.3 Default Zones, Interfaces, and Ports

The default configurations for zones, interfaces, and ports are as follows. References to interfaces may be generic rather than the specific name used in your model. For example, this guide may use “the WAN interface” rather than “wan1” or “wan2”, “ge2” or “ge3”.