ZyWALL/USG Series
ZyWALL 110 / 310 / 1100
USG20-VPN / USG20W-VPN / USG40 / USG40W /
USG60 / USG60W / USG110 / USG210 / USG310 /
USG1100 / USG1900 / USG2200-VPN
Security Firewalls
Firmware Version 4.25
Edition 2, 4/2017
Handbook
copyright © 2017 ZyXEL Communications Corporation
Table of Contents
How to Configure Site-to-site IPSec VPN with Amazon VPC .................. 17
Set Up the IPSec VPN Tunnel on the Amazon VPC ............................ 18
Set Up the IPSec VPN Tunnel on the ZyWALL/USG ............................. 22
Test the IPSec VPN Tunnel ....................................................................... 26
What Could Go Wrong? ........................................................................ 27
How to Configure Site-to-site IPSec VPN with Microsoft (MS) Azure ...... 29
Set Up the IPSec VPN Tunnel on the ZyWALL/USG ............................. 30
Set Up the IPSec VPN Tunnel on the MS Azure .................................... 36
Test the IPSec VPN Tunnel ....................................................................... 45
What Could Go Wrong? ........................................................................ 47
How to Configure GRE over IPSec VPN Tunnel......................................... 50
Set Up the ZyWALL/USG GRE over IPSec VPN Tunnel of Corporate
Network (HQ) ........................................................................................... 51
Set Up the ZyWALL/USG GRE over IPSec VPN Tunnel of Corporate
Network (Branch) .................................................................................... 55
Test the GRE over IPSec VPN Tunnel ...................................................... 60
What Could Go Wrong? ........................................................................ 60
How to Configure Site-to-site IPSec VPN Where the Peer has a Static IP
Address ........................................................................................................ 62
Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network
(HQ) ........................................................................................................... 62
Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network
(Branch) .................................................................................................... 66
Test the IPSec VPN Tunnel ....................................................................... 70
What Could Go Wrong? ........................................................................ 71
How to Configure Site-to-site IPSec VPN Where the Peer has a Dynamic
IP Address .................................................................................................... 73
Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network
(HQ) ........................................................................................................... 73
Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network
(Branch has a Dynamic IP Address) ..................................................... 77
Test the IPSec VPN Tunnel ....................................................................... 81
What Could Go Wrong? ........................................................................ 82
How to Configure IPSec Site to Site VPN while one Site is behind a NAT
router ............................................................................................................ 84
Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network
(HQ) ........................................................................................................... 84
Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network
(Branch) .................................................................................................... 88
Set Up the NAT Router (Using ZyWALL USG device in this example) 91
Test the IPSec VPN Tunnel ....................................................................... 93
What Could Go Wrong? ........................................................................ 94
How to Configure Hub-and-Spoke IPSec VPN ......................................... 96
Set Up the IPSec VPN Tunnel on the ZyWALL/USG by Using VPN Concentrator
Hub_HQ-to-Branch_A .................................................... 97
Hub_HQ-to-Branch_B ............................................................................ 101
Hub_HQ Concentrator ......................................................................... 104
Spoke_Branch_A ................................................................................... 106
Spoke_Branch_B .................................................................................... 111
Test the IPSec VPN Tunnel ..................................................................... 115
What Could Go Wrong? ...................................................................... 118
Set Up the IPSec VPN Tunnel of ZyWALL/USG without Using VPN Concentrator
Hub_HQ-to-Branch_A .................................................. 119
Hub_HQ-to-Branch_B ............................................................................ 122
Spoke_Branch_A ................................................................................... 125
Spoke_Branch_B .................................................................................... 128
Test the IPSec VPN Tunnel ..................................................................... 131
What Could Go Wrong? ...................................................................... 133
How to Use Dual-WAN to Perform Fail-Over on VPN Using the VPN
Concentrator ............................................................................................. 135
Set Up the IPSec VPN Tunnel on the ZyWALL/USG
Hub_HQ-to-Branch_A ........................................................................... 136
Hub_HQ-to-Branch_B ............................................................................ 139
Hub_HQ Concentrator ......................................................................... 142
Spoke_Branch_A ................................................................................... 143
Spoke_Branch_B .................................................................................... 147
Test the IPSec VPN Tunnel .................................................................... 151
What Could Go Wrong? ...................................................................... 153
How to Configure IPSec VPN with ZyWALL IPSec VPN Client ................ 156
Set Up the ZyWALL/USG IPSec VPN Tunnel ........................................ 157
Set Up the ZyWALL IPSec VPN Client .................................................. 161
Test the IPSec VPN Tunnel ..................................................................... 165
What Can Go Wrong? ......................................................................... 166
How to Configure Site-to-site IPSec VPN with FortiGate ....................... 169
Set Up the IPSec VPN Tunnel on the ZyWALL/USG ........................... 169
Set Up the IPSec VPN Tunnel on the FortiGate ................................. 173
Test the IPSec VPN Tunnel ..................................................................... 178
What Could Go Wrong? ...................................................................... 179
How to Configure Site-to-site IPSec VPN with WatchGuard ................. 181
Set Up the IPSec VPN Tunnel on the ZyWALL/USG ........................... 182
Set Up the IPSec VPN Tunnel on the WatchGuard .......................... 185
Test the IPSec VPN Tunnel ..................................................................... 192
What Could Go Wrong? ...................................................................... 194
How to Configure Site-to-site IPSec VPN with Cisco ............................. 196
Set Up the IPSec VPN Tunnel on the ZyWALL/USG ........................... 197
Set Up the IPSec VPN Tunnel on the Cisco ........................................ 203
Test the IPSec VPN Tunnel ..................................................................... 208
What Could Go Wrong? ...................................................................... 210
How to Configure Site-to-site IPSec VPN with a SonicWALL router ...... 212
Set Up the IPSec VPN Tunnel on the ZyWALL/USG ........................... 213
Set Up the IPSec VPN Tunnel on the SonicWALL ............................... 220
Test the IPSec VPN Tunnel ..................................................................... 224
What Could Go Wrong? ...................................................................... 226
How to Configure IPSec VPN Failover ..................................................... 229
Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network
(HQ) ......................................................................................................... 230
Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network
(Branch) .................................................................................................. 233
Set up the WAN Trunk (ZyWALL/USG_HQ) ......................................... 237
Set up the Failover Command Line (ZyWALL/USG HQ) .................. 238
Test the IPSec VPN Tunnel ..................................................................... 240
What Could Go Wrong? ...................................................................... 241
How to Configure L2TP over IPSec VPN while the ZyWALL/USG is behind a
NAT router .................................................................................................. 243
Set Up the L2TP VPN Tunnel on the ZyWALL/USG_HQ ...................... 244
Set Up the NAT Router (Using ZyWALL USG device in this example)
................................................................................................................. 248
Test the L2TP over IPSec VPN Tunnel .................................................... 251
What Could Go Wrong? ...................................................................... 254
How to Configure L2TP VPN with Android 5.0 Mobile Devices ............. 256
Set Up the L2TP VPN Tunnel on the ZyWALL/USG .............................. 257
Set Up the L2TP VPN Tunnel on the Android Device ........................ 261
Test the L2TP over IPSec VPN Tunnel .................................................. 265
What Could Go Wrong? ...................................................................... 267
How to Configure L2TP VPN with iOS 8.4 Mobile Devices ..................... 269
Set Up the L2TP VPN Tunnel on the ZyWALL/USG .............................. 269
Set Up the L2TP VPN Tunnel on the iOS Device ................................. 275
Test the L2TP over IPSec VPN Tunnel .................................................. 276
What Could Go Wrong? ...................................................................... 279
How to Import ZyWALL/USG Certificate for L2TP over IPsec in Windows 10
.................................................................................................................... 281
Set Up the L2TP VPN Tunnel on the ZyWALL/USG .............................. 281
Export a Certificate from ZyWALL/USG and Import it to Windows 10
Operating System ................................................................................. 286
Set Up the L2TP VPN Tunnel on the Windows 10 ............................... 292
Test the L2TP over IPSec VPN Tunnel .................................................. 296
What Could Go Wrong? ...................................................................... 298
How to Import ZyWALL/USG Certificate for L2TP over IPsec in IOS mobile
phone......................................................................................................... 300
Set Up the L2TP VPN Tunnel on the ZyWALL/USG .............................. 300
Export a Certificate from ZyWALL/USG and Import it to iOS Mobile
Phone ...................................................................................................... 304
Set Up the L2TP VPN Tunnel on the iOS Mobile Device .................... 305
Test the L2TP over IPSec VPN Tunnel .................................................. 308
What Could Go Wrong? ...................................................................... 309
How to Import ZyWALL/USG Certificate for L2TP over IPsec in Android
mobile phone............................................................................................ 311
Set Up the L2TP VPN Tunnel on the ZyWALL/USG .............................. 311
Export a Certificate from ZyWALL/USG and Import it to Android
Mobile Phone......................................................................................... 316
Set Up the L2TP VPN Tunnel on the Android Mobile Device ........... 317
Test the L2TP over IPSec VPN Tunnel .................................................. 320
What Could Go Wrong? ...................................................................... 322
How to Configure the L2TP VPN with Apple MAC OS X 10.11 Operating
System........................................................................................................ 324
Set Up the L2TP VPN Tunnel on the ZyWALL/USG .............................. 324
Set Up the L2TP VPN Tunnel on the Apple MAC OS X 10.11 El Capitan
Operating System ................................................................................. 330
Test the L2TP over IPSec VPN Tunnel .................................................. 332
What Could Go Wrong? ...................................................................... 334
How to configure if I want user can only see SSL VPN Login button in web
portal login page ...................................................................................... 336
Set Up the DNS Service.......................................................................... 337
Set Up the ZyWALL/USG SSL VPN Setting ............................................. 337
Set Up the ZyWALL/USG System Setting .............................................. 338
Test the SSL VPN ..................................................................................... 339
How to Deploy SSL VPN with Windows 10 Operating System ............... 343
Set Up the SSL VPN Tunnel on the ZyWALL/USG ................................ 344
Set Up the SSL VPN Tunnel on the Windows 10 Operating System 348
Test the SSL VPN Tunnel ......................................................................... 352
What Could Go Wrong? ...................................................................... 353
How to Deploy SSL VPN with Apple Mac OS X 10.10 Operating System
.................................................................................................................... 354
Set Up the SSL VPN Tunnel on the ZyWALL/USG ................................ 355
Set Up the SSL VPN Tunnel on the Apple MAC OS X 10.10 Operating
System ..................................................................................................... 360
Test the SSL VPN Tunnel ......................................................................... 364
What Could Go Wrong? ...................................................................... 367
How To Configure SSL VPN for Remote Access Mobile Devices .......... 369
Set Up the SSL VPN Tunnel on the ZyWALL/USG ................................ 369
Test the SSL VPN Tunnel ......................................................................... 372
What Could Go Wrong? ...................................................................... 375
How to Configure an SSL VPN Tunnel (with SecuExtender version 4.0.0.1)
on the Windows 10 Operating System .................................................... 376
Set up the SSL VPN Tunnel with Windows 10 ..................................... 376
What Can Go Wrong? ......................................................................... 380
How to redirect multiple LAN interface traffic to the VPN tunnel ......... 382
Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network
(HQ) ......................................................................................................... 383
Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network
(Branch) .................................................................................................. 386
Set up the Policy Route (ZyWALL/USG_HQ) ...................................... 389
Set up the Policy Route (ZyWALL/USG_Branch) ............................... 390
Test the IPSec VPN Tunnel ..................................................................... 391
What Could Go Wrong? ...................................................................... 393
How to Create VTI and Configure VPN Failover with VTI ...................... 395
VTI Deployment Flow ............................................................................ 395
Set Up the ZyWALL/USG VTI of Corporate Network (HQ) ............... 396
Set Up the ZyWALL/USG VTI of Corporate Network (Branch) ........ 401
Test the IPSec VPN Tunnel .................................................................... 407
What Can Go Wrong? ......................................................................... 409
How to configure the USG when using a Cloud Based SIP system ...... 411
Set Up the SIP ALG ................................................................................. 412
Test result ................................................................................................ 413
What could go wrong? ........................................................................ 413
How to block HTTPS websites by Domain Filter without applying SSL
Inspection .................................................................................................. 414
Set Up the Content Filter on the ZyWALL/USG .................................. 415
Set Up the Security Policy on the ZyWALL/USG ................................ 417
Set Up the System Policy on the ZyWALL/USG .................................. 417
Test the Result ........................................................................................ 418
How to Configure Content Filter 2.0 with Geo IP Blocking .................... 420
Set Up the Address Object with Geo IP on the ZyWALL/USG ........... 421
Set Up the Security Policy on the ZyWALL/USG ................................ 422
Test the Result ........................................................................................ 423
What Could Go Wrong? ...................................................................... 424
How to Configure Content Filter 2.0 with HTTPs Domain Filter ............... 425
Application Scenario ............................................................................ 425
Set Up the Content Filter on the ZyWALL/USG ................................... 425
Set Up the Security Policy on the ZyWALL/USG ................................ 427
Set Up the System Policy on the ZyWALL/USG .................................. 428
Test the Result ........................................................................................ 429
What Could Go Wrong? ............................................................................. 430
How to block the client accessing to certain country using Geo IP and
Content Filter ............................................................................................. 431
Check Geo IP License Status on the ZyWALL/USG ........................... 432
Set Up the Address Object with Geo IP on the ZyWALL/USG ........... 432
Set Up the Security Policy on the ZyWALL/USG ................................ 433
Test the Result ........................................................................................ 434
How to set up Link Aggregation Group (LAG) ....................................... 437
Set up the Active-backup, 802.3ad, Balance-alb ........................... 437
Set up the active-backup mode. ...................................................... 441
Test the Result ........................................................................................ 443
What can go wrong ............................................................................. 443
How to Restrict Web Portal access from the Internet ............................ 444
Set Up the ZyWALL/USG System Setting .............................................. 445
Test the Web Access ............................................................................. 446
How to Setup and Configure Daily Report ............................................. 448
Set Up the ZyWALL/USG Email Daily Report Setting ........................... 449
Test the Daily Log Report ...................................................................... 450
What Could Go Wrong? ...................................................................... 451
How to Setup and Configure Email Logs ................................................ 452
Set Up the ZyWALL/USG Email Logs Setting ........................................ 452
Test the Email Log .................................................................................. 454
What Could Go Wrong? ...................................................................... 455
How to Setup and send logs to a Syslog Server .................................... 456
Set Up the Syslog Server (Use Papertrail syslog in this example) ....... 456
Set Up the ZyWALL/USG Remote Server Setting ................................. 459
Test the Remote Server ......................................................................... 460
What Could Go Wrong? ...................................................................... 461
How to Setup and send logs to a Vantage Reports Server................... 462
Set Up the VRPT Server .......................................................................... 463
Set Up the ZyWALL/USG Remote Server Setting ................................. 466
Test the Remote Server ......................................................................... 466
What Could Go Wrong? ...................................................................... 467
How to Setup and send logs to the USB storage .................................... 468
Set Up the USB System Settings ............................................................. 469
Set Up the USB Log Storage .................................................................. 469
Check the USG Log Files ...................................................................... 470
How to Activate a Free Access Hotspot ................................................. 471
Set up the Free Access Hotspot .......................................................... 472
Test the User Agreement and Advertisement Webpage ............... 474
What could Go Wrong? ....................................................................... 475
Set up Enable the Free Time Feature ................................................. 476
Test Free Time Feature .......................................................................... 481
What Can Go Wrong? ......................................................................... 484
How to Setup IPv6 Interfaces for Pure IPv6 Routing ............................... 486
Setting Up the IPv6 Interface ............................................................... 487
Set up the Prefix Delegation and Router Advertisement ............... 489
Test ........................................................................................................... 493
What Can Go Wrong? ......................................................................... 493
Test ........................................................................................................... 495
How to Perform and Use the Packet Capture Feature on the ZyWALL/USG
.................................................................................................................... 496
Set Up the Packet Capture Feature .................................................... 497
Check the Capture Files ...................................................................... 499
How to Automatically Reboot the ZyWALL/USG by Schedule ............. 501
Set Up the Shell Script ............................................................................ 502
Set Up the Schedule Run ...................................................................... 503
Check the Reboot Status..................................................................... 504
How To Schedule YouTube Access ......................................................... 506
Set Up the Schedule on the ZyWALL/USG .......................................... 506
Create the Application Objects on the ZyWALL/USG ...................... 507
Set Up the Application Patrol Profile on the ZyWALL/USG ................ 508
Set Up SSL Inspection on the ZyWALL/USG ......................................... 509
Set Up the Security Policy on the ZyWALL/USG ................................. 509
Export Certificate from ZyWALL/USG and Import it to Windows 7
Operating System ................................................................................. 510
Test the Result ........................................................................................ 516
What Could Go Wrong? ...................................................................... 516
How to continuously run a ZySH script .................................................... 518
Set Up the Shell Script ............................................................................ 519
Set Up the Schedule Run ...................................................................... 520
Check the Result ................................................................................... 521
How To Register Your Device and Services at myZyXEL.com .............. 523
Account Creation ................................................................................. 524
Device Registration ............................................................................... 526
Service Registration (In the Case of Standard License) .................. 527
Device Management (In the Case of Registering Bundled Licenses)
................................................................................................................. 528
Refresh Service ...................................................................................... 529
What Could Go Wrong? ...................................................................... 529
How To Exempt Specific Users From Security Control ........................... 531
Set Up the Security Policy on the ZyWALL/USG for Employees ....... 532
Set Up the Security Policy on the ZyWALL/USG for Executives ........ 533
Test the Result ........................................................................................ 536
What Could Go Wrong? ...................................................................... 537
How To Detect and Prevent TCP Port Scanning with ADP ..................... 538
Set Up the ADP Profile on the ZyWALL/USG ....................................... 539
Test the Result ........................................................................................ 542
What Could Go Wrong? ...................................................................... 543
How To Block Facebook .......................................................................... 544
Set Up the Content Filter on the ZyWALL/USG ................................... 545
Set Up the SSL Inspection on the ZyWALL/USG .................................. 545
Set Up the Security Policy on the ZyWALL/USG ................................. 546
Export Certificate from ZyWALL/USG and Import it to Windows 7
Operating System ................................................................................. 548
Test the Result ........................................................................................ 553
What Could Go Wrong? ...................................................................... 554
How To Exempt Specific Users From a Blocked Website ...................... 555
Set Up the Security Policy on the ZyWALL/USG for Employees ....... 556
Set Up the Security Policy on the ZyWALL/USG for Executives ........ 557
Test the Result ........................................................................................ 560
What Could Go Wrong? ...................................................................... 560
How To Control Access To Google Drive................................................ 561
Set Up the Application Patrol on the ZyWALL/USG ........................... 562
Set Up the SSL Inspection on the ZyWALL/USG .................................. 564
Set Up the Security Policy on the ZyWALL/USG ................................. 565
Export Certificate from ZyWALL/USG and Import it to Windows 7
Operating System ................................................................................. 566
Test the Result ........................................................................................ 570
What Could Go Wrong? ...................................................................... 571
How To Block HTTPS Websites Using Content Filtering and SSL Inspection
.................................................................................................................... 572
Set Up the Content Filter on the ZyWALL/USG ................................... 573
Set Up SSL Inspection on the ZyWALL/USG ......................................... 574
Set Up the Security Policy on the ZyWALL/USG ................................. 575
Export Certificate from ZyWALL/USG and Import it to Windows 7
Operating System ................................................................................. 576
Test the Result ........................................................................................ 581
What Could Go Wrong? ...................................................................... 582
How To Block the Spotify Music Streaming Service ............................... 583
Set Up IDP Profile on the ZyWALL/USG ................................................ 584
Test the Result ........................................................................................ 585
What Could Go Wrong? ...................................................................... 586
How To Test the EICAR Anti-Virus Test File............................................... 587
Set Up the Anti-Virus Profile on the ZyWALL/USG ............................... 588
Set Up the Security Policy on the ZyWALL/USG ................................. 589
Test the Result ........................................................................................ 590
What Could Go Wrong? ...................................................................... 591
How To Block Downloading of DOC, PDF, XLS and ZIP Files ................. 592
Set Up the Anti-Virus Profile on the ZyWALL/USG ............................... 593
Set Up the Security Policy on the ZyWALL/USG ................................. 595
Test the Result ........................................................................................ 596
What Could Go Wrong? ...................................................................... 597
How To Configure an Anti-Spam Policy with Mail Scan and DNSBL .... 599
Set Up the Anti-Spam Profile on the ZyWALL/USG ............................. 600
Set Up the Security Policy on the ZyWALL/USG ................................. 603
Test the Result ........................................................................................ 604
What Could Go Wrong? ...................................................................... 605
How to Configure Bandwidth Management for FTP and HTTP Traffic ... 606
Set Up the Bandwidth Management for FTP on the ZyWALL/USG 607
Set Up the Bandwidth Management for HTTP on the ZyWALL/USG
................................................................................................................. 608
Set Up the Bandwidth Management Global Setting on the
ZyWALL/USG ........................................................................................... 610
Test the Result ........................................................................................ 610
What Could Go Wrong? ...................................................................... 611
How to Limit BitTorrent or Other Peer-to-Peer Traffic.............................. 612
Set Up the Application Patrol Profile on the ZyWALL/USG ................ 613
Set Up the Bandwidth Management for BitTorrent on the
ZyWALL/USG ........................................................................................... 614
Set Up the Bandwidth Management Global Setting on the
ZyWALL/USG ........................................................................................... 616
Test the Result ........................................................................................ 616
What Could Go Wrong? ...................................................................... 617
How to Configure a Trunk for WAN Load Balancing with a Static or
Dynamic IP Address ................................................................................. 618
Set Up the Available Bandwidth on WAN1 Interfaces on the
ZyWALL/USG ........................................................................................... 619
Set Up the Available Bandwidth on WAN2 Interfaces on the
ZyWALL/USG ........................................................................................... 620
Set Up the WAN Trunk on the ZyWALL/USG ....................................... 620
Test the Result ........................................................................................ 621
What Could Go Wrong? ...................................................................... 622
How to Configure DNS Inbound Load Balancing to balance DNS Queries
Among Interfaces ..................................................................................... 623
Set Up the DNS Inbound Load Balancing on the ZyWALL/USG ..... 624
Set Up the NAT Rule on the ZyWALL/USG .......................................... 625
Test the Result ........................................................................................ 626
What Could Go Wrong? ...................................................................... 627
How to Manage Voice Traffic .................................................................. 628
Set Up the SIP ALG on the ZyWALL/USG ............................................ 629
Set Up the Bandwidth Management for SIP on the ZyWALL/USG . 629
Set Up the Bandwidth Management for P2P on the ZyWALL/USG 630
Set Up the Bandwidth Management for FTP on the ZyWALL/USG 631
Test the Result ........................................................................................ 633
What Could Go Wrong? ...................................................................... 634
How to Manage ZyWALL/USG Configuration Files ................................. 635
Rename the Configuration Files from the ZyWALL/USG .................. 636
Download the Configuration Files on the ZyWALL/USG .................. 637
Copy the Configuration Files on the ZyWALL/USG .......................... 637
Apply the Configuration Files on the ZyWALL/USG .......................... 638
Upload the Configuration Files from the ZyWALL/USG .................... 639
What Could Go Wrong? ...................................................................... 640
How to Manage ZyWALL/USG Firmware ................................................. 641
Download the Current Firmware Version from ZyXEL.com ............. 642
Upload the Firmware on the ZyWALL/USG ........................................ 643
What Could Go Wrong? ...................................................................... 646
How to Get Started Using the Wizards .................................................... 647
Set Up the Internet Access (Ethernet) Wizard on the ZyWALL/USG
................................................................................................................. 647
Set Up the Internet Access (PPPoE) Wizard on the ZyWALL/USG .. 651
Set Up the Internet Access (PPTP) Wizard on the ZyWALL/USG ..... 653
Set Up the Wireless Settings Wizard on the ZyWALL/USG ................ 656
Set Up the Device Registration on the ZyWALL/USG ....................... 658
How to Configure the 3G/LTE Interface on the ZyWALL/USG as a WAN
Backup ...................................................................................................... 660
Set Up the 3G/LTE Interface on the ZyWALL/USG ............................ 661
Set Up the Trunk on the ZyWALL/USG................................................. 662
Test the Result ........................................................................................ 663
What Could Go Wrong? ...................................................................... 664
How to Configure Two Different WAN Interfaces with Different IP
Addresses in the Same VLAN .................................................................. 665
Set Up the Port Grouping on the ZyWALL/USG................................. 666
Set Up the VLAN on the ZyWALL/USG ................................................ 666
Set Up the Routing on the ZyWALL/USG ............................................ 668
Test the Result ........................................................................................ 668
What Could Go Wrong? ...................................................................... 669
How to Let a Server Use the Same Public IP Address as the WAN
Interface Using the Bridge Interface ....................................................... 670
Set Up the Bridge Interface on the ZyWALL/USG ............................. 671
Test the Result ........................................................................................ 672
What Could Go Wrong? ...................................................................... 673
How to Allow Public Access to a Server Behind ZyWALL/USG ............. 674
Set Up the NAT on the ZyWALL/USG................................................... 675
Set Up the Security Policy on the ZyWALL/USG ................................ 675
Test the Result ........................................................................................ 676
What Could Go Wrong? ...................................................................... 677
How to Set Up a WiFi Network with ZyXEL APs ........................................ 678
Set Up the AP Management on the ZyWALL/USG ........................... 679
Test the Result ........................................................................................ 681
What Could Go Wrong? ...................................................................... 681
How to Set Up Guest WiFi Network Accounts ........................................ 683
Set Up the WiFi Guest Account, Address Range and Service Rule on
the ZyWALL/USG .................................................................................... 684
Set Up the Web Authentication on the ZyWALL/USG ..................... 686
Set Up the Security Policy on the ZyWALL/USG ................................ 687
Test the Result ........................................................................................ 688
What Could Go Wrong? ...................................................................... 690
How to create a Wi-Fi VLAN interfaces to separate staff network and
Guest network ........................................................................................... 692
Set up Wi-Fi VLAN interfaces ............................................................... 693
Test result ................................................................................................ 700
What could go wrong .......................................................................... 701
How to Set Up WiFi Networks with Microsoft Active Directory
Authentication .......................................................................................... 703
Set Up the Wi-Fi Guest Account and Authentication Method on the
ZyWALL/USG ........................................................................................... 704
Set Up the Active Directory Server Account on the ZyWALL/USG 705
Set Up the Security Policy on the ZyWALL/USG ................................ 706
Test the Result ........................................................................................ 707
What Could Go Wrong? ...................................................................... 709
How to Set Up IPv6 Interfaces for Pure IPv6 Routing .............................. 710
Enable the IPv6 on the ZyWALL/USG ................................................. 711
Set Up the WAN IPv6 Interface on the ZyWALL/USG ....................... 711
Set Up the LAN IPv6 Interface on the ZyWALL/USG ......................... 712
Test the Result ........................................................................................ 714
What Could Go Wrong? ...................................................................... 715
How to Set Up an IPv6 6to4 Tunnel .......................................................... 716
Set Up the LAN IPv6 Interface on the ZyWALL/USG ......................... 717
Set Up the 6to4 Tunnel on the ZyWALL/USG ..................................... 718
Test the Result ........................................................................................ 719
What Could Go Wrong? ...................................................................... 720
How to Set Up an IPv6-in-IPv4 Tunnel ..................................................... 721
Set Up the LAN IPv6 Interface on the ZyWALL/USG ......................... 722
Set Up the 6to4 Tunnel on the ZyWALL/USG ..................................... 723
Set Up the Policy Route on the ZyWALL/USG.................................... 724
Test the Result ........................................................................................ 725
What Could Go Wrong? ...................................................................... 726
How to Update Firmware Automatically from a USB Storage .............. 727
Automatic USB Firmware Upgrade Flow ................................................ 727
Enable the USB Firmware Upgrade Function by CLI Command ... 728
Save the Firmware on the USB ............................................................ 728
Plug the USB into the Device ............................................................... 729
The Device Checks Running Partition for the Model ID and the
Firmware Version ................................................................................... 729
Check Firmware Status......................................................................... 730
What Can Go Wrong? ......................................................................... 731
How to Configure DHCP Option 60 – Vendor Class Identifier ............... 734
DHCP Option 60 Deployment Flow ........................................................ 734
Setting Up DHCP Option 60 on the Web GUI.................................... 734
Setting Up DHCP Option 60 on the CLI .............................................. 736
Test DHCP Option 60 ............................................................................. 736
What Can Go Wrong? ......................................................................... 737
How to Configure Device HA Pro ............................................................ 738
Device HA Pro License ......................................................................... 739
Behavior of the Device HA Pro ........................................................... 740
Device-HA Pro Setting Screen ............................................................. 740
Suggestions ............................................................................................ 742
How do I Configure Device HA Pro in My Current Environment? . 743
What can go wrong? ........................................................................... 749
Note:
All network IP addresses and subnet masks are used as examples in this article.
Please replace them with your actual network IP addresses and subnet masks.
This example was tested using USG110 (Firmware Version: ZLD 4.25) and Amazon
VPC (June, 2016).
How to Configure Site-to-site IPSec VPN with Amazon VPC
This example shows how to use the VPN Setup Wizard to create a site-to-site VPN
between a ZyWALL/USG and an Amazon VPC platform. The example shows
how to configure the VPN tunnel at each site. Once the VPN tunnel is
configured, each site can be accessed securely.
ZyWALL/USG Site-to-site IPSec VPN with Amazon VPC
Set Up the IPSec VPN Tunnel on the Amazon VPC
1 Sign into the Amazon AWS Management Console. Go to Networking > VPC.
Amazon AWS Management Console > Networking > VPC
2 In the upper left-hand corner of the screen, click Start VPC Wizard.
Amazon VPC Management Console > Networking > VPC > Start VPC Wizard
3 On the Select a VPC Configuration screen, select VPC with a Private Subnet Only and
Hardware VPN Access, and then click Select.
Select a VPC Configuration > VPC with a Private Subnet Only and Hardware VPN
Access
4 On the VPC with a Private Subnet Only and Hardware VPN screen, add your IP CIDR block
and Private subnet. Click Next.
VPC with a Private Subnet Only and Hardware VPN
5 On the Configure your VPN screen, enter your ZyWALL/USG public IP address in Customer
Gateway IP. Enter a Customer Gateway name and a VPN Connection name. Click Create VPC at
the bottom of the blade.
Configure your VPN
6 In the VPC Dashboard, go to VPN Connections. Select Download Configuration from the
upper bar. Set Vendor and Platform to Generic. Click Yes, Download.
VPC Dashboard > VPN Connections
7 Open the downloaded configuration .txt file. It displays the IKE SA, IPSec SA and Gateway
IP address. Make sure all the settings match your ZyWALL/USG's settings.
Configuration .txt File
Set Up the IPSec VPN Tunnel on the ZyWALL/USG
In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard and
use the VPN Settings wizard to create a VPN rule that can be used with the
Amazon VPC. Click Next.
Quick Setup > VPN Setup Wizard > Welcome
Choose Advanced to create a VPN rule with customized phase 1 and phase 2
settings and authentication method. Click Next.
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type
Type the Rule Name used to identify this VPN connection (and VPN gateway).
You may use 1-31 alphanumeric characters. This value is case-sensitive. Select
Site-to-site as the rule type. Click Next.
Quick Setup > VPN Setup Wizard > Wizard Type > VPN Settings (Scenario)
Then, configure the Secure Gateway IP as the peer Amazon VPC's Gateway IP
address (in the example, 52.39.135.203); set My Address to the interface
connected to the Internet.
Set the Negotiation, Encryption, Authentication, Key Group and SA Life Time
to values which Amazon VPC supports. Type a secure Pre-Shared Key.
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Phase 1
Setting)
Continue to Phase 2 Settings to select the Encapsulation, Encryption,
Authentication, and SA Life Time settings which Amazon VPC supports.
Set Local Policy to the IP address range of the network connected to the
ZyWALL/USG and Remote Policy to the IP address range of the network connected
to the Amazon VPC. Click OK.
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Phase
2 Setting)
This screen provides a read-only summary of the VPN tunnel. Click Save.
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings
(Summary)
Now the rule is configured on the ZyWALL/USG. The Phase 1 rule settings appear
in the VPN > IPSec VPN > VPN Gateway screen and the Phase 2 rule settings
appear in the VPN > IPSec VPN > VPN Connection screen. Click Close to exit the
wizard.
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings >
Wizard Completed
Test the IPSec VPN Tunnel
Go to ZyWALL/USG CONFIGURATION > VPN > IPSec VPN > VPN Connection and click
Connect on the upper bar. The Status connect icon is lit when the interface is
connected.
CONFIGURATION > VPN > IPSec VPN > VPN Connection
Go to ZyWALL/USG MONITOR > VPN Monitor > IPSec and verify the tunnel Up
Time and the Inbound(Bytes)/Outbound(Bytes) traffic.
MONITOR > VPN Monitor > IPSec
To test whether or not the tunnel is working, ping from the local LAN to the AWS VPC
private subnet. Ensure that both computers have Internet access.
Ping from Local LAN to AWS VPC private Subnet for verification:
What Could Go Wrong?
If you see the [info] or [error] log message below, check the ZyWALL/USG Phase
1 Settings. Make sure your ZyWALL/USG Phase 1 Settings are supported in the
Amazon VPC IKE Phase 1 setup list.
MONITOR > Log
If you see that the Phase 1 IKE SA process is done but still get the [info] log message
below, check the ZyWALL/USG Phase 2 Settings. Make sure your ZyWALL/USG Phase
2 Settings are supported in the Amazon VPC IKE Phase 2 setup list.
MONITOR > Log
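An added example, not part of the handbook: step 7 and both checks under What Could Go Wrong? come down to comparing the IKE SA (phase 1) and IPSec SA (phase 2) proposals in the downloaded file with what was entered in the wizard. The sketch below automates that comparison; the "- Name : value" file layout, the sample values and the function names are assumptions.

```python
import re

# SAMPLE_CONFIG and WIZARD are constructed. The "- Name : value" layout is
# assumed for the generic configuration file; values are not from the handbook.
SAMPLE_CONFIG = """\
Configure the IKE SA as follows:
  - Pre-Shared Key           : EXAMPLE-PLACEHOLDER-KEY
  - Authentication Algorithm : sha1
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 28800 seconds
  - Perfect Forward Secrecy  : Diffie-Hellman Group 2
Configure the IPSec SA as follows:
  - Authentication Algorithm : hmac-sha1-96
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 3600 seconds
  - Perfect Forward Secrecy  : Diffie-Hellman Group 2
"""
WIZARD = {  # values as typed into the wizard, keyed by the file's setting names
    "phase1": {"encryption algorithm": "3DES", "authentication algorithm": "SHA1",
               "perfect forward secrecy": "DH2", "lifetime": 28800},
    "phase2": {"encryption algorithm": "AES128", "authentication algorithm": "SHA1",
               "perfect forward secrecy": "None", "lifetime": 3600},
}
SECTION = re.compile(r"Configure the (IKE|IPSec) SA", re.I)
SETTING = re.compile(r"^\s*-\s*(.+?)\s*:\s*(.+?)\s*$")

def parse_config(text):
    """Split the file into phase 1 (IKE SA) and phase 2 (IPSec SA); redact the key."""
    phases, current = {"phase1": {}, "phase2": {}}, None
    for line in text.splitlines():
        section, setting = SECTION.search(line), SETTING.match(line)
        if section:
            current = "phase1" if section.group(1).upper() == "IKE" else "phase2"
        elif setting and current:
            key, value = setting.group(1).lower(), setting.group(2).lower()
            phases[current][key] = "<redacted>" if key == "pre-shared key" else value
    return phases

def canon(name, value):
    """Reduce vendor spellings ("AES128", "aes-128-cbc") to one comparable form."""
    v = str(value).lower().strip()
    if "encryption" in name:
        return "".join(re.findall(r"3des|aes|des|\d+", v)[:2])
    if "authentication algorithm" in name:
        return re.sub(r"^hmac-|-\d+$", "", v)
    if "lifetime" in name or "forward secrecy" in name:
        digits = re.search(r"\d+", v)
        return digits.group() if digits else v
    return v

def find_mismatches(config_text, wizard):
    """Return (phase, setting, wizard value, file value) for each difference."""
    parsed, diffs = parse_config(config_text), []
    for phase, settings in wizard.items():
        for name, mine in settings.items():
            theirs = parsed[phase].get(name)
            if theirs is None or canon(name, mine) != canon(name, theirs):
                diffs.append((phase, name, mine, theirs))
    return diffs
```

With the constructed values above, `find_mismatches(SAMPLE_CONFIG, WIZARD)` reports the phase 1 encryption and the phase 2 Perfect Forward Secrecy entries. A spelling the normalizer does not recognize is reported as a mismatch, so unknown algorithm names fall back to manual review.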
Note:
1. All network IP addresses and subnet masks are used as examples in this article. Please
replace them with your actual network IP addresses and subnet masks. This example was
tested using USG40 (Firmware Version: ZLD 4.25) and MS Azure (April, 2016).
How to Configure Site-to-site IPSec VPN with Microsoft (MS)
Azure
This example shows how to use the VPN Setup Wizard to create a site-to-site VPN
between a ZyWALL/USG and a Microsoft (MS) Azure platform. The example
shows how to configure the VPN tunnel at each site. Once the VPN
tunnel is configured, each site can be accessed securely.
ZyWALL Site-to-site IPSec VPN with Microsoft (MS) Azure
Set Up the IPSec VPN Tunnel on the ZyWALL/USG
In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard and use
the VPN Settings wizard to create a VPN rule that can be used with the MS Azure.
Click Next.
Quick Setup > VPN Setup Wizard > Welcome
Choose Advanced to create a VPN rule with customized phase 1 and phase 2
settings and authentication method. Click Next.
Quick Setup > VPN Setup Wizard > Welcome > Wizard Type