ZyWALL USG 100/200 Series
Unified Security Gateway
Default Login Details
LAN1 Port: P4
IP Address: https://192.168.1.1
User Name: admin
Password: 1234
www.zyxel.com
Firmware Version 2.20
Edition 2, 9/2010
Copyright © 2010
ZyXEL Communications Corporation
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL
using the Web Configurator.
How To Use This Guide
• Read Chapter 1 on page 33 for an overview of features available on the
ZyWALL.
• Read Chapter 3 on page 47 for web browser requirements and an introduction
to the main components, icons and menus in the ZyWALL Web Configurator.
• Read Chapter 4 on page 65 if you’re using the installation wizard for first time
setup and you want more detailed information than what the real time online
help provides.
• Read Chapter 5 on page 75 if you’re using the quick setup wizards and you want
more detailed information than what the real time online help provides.
• It is highly recommended you read Chapter 6 on page 93 for detailed
information on essential terms used in the ZyWALL, what prerequisites are
needed to configure a feature and how to use that feature.
• It is highly recommended you read Chapter 7 on page 117 for ZyWALL
application examples.
• Subsequent chapters are arranged by menu item as defined in the Web
Configurator. Read each chapter carefully for detailed information on that menu
item.
• To find specific information in this guide, use the Contents Overview, the
Table of Contents, the Index, or search the PDF file. E-mail
techwriters@zyxel.com.tw if you cannot find the information you require.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to show you how to make the ZyWALL
hardware connections and access the Web Configurator wizards. (See the
wizard real time help for information on configuring each screen.) It also
contains a connection diagram and package contents list.
• CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI)
to configure the ZyWALL.
Note: It is recommended you use the Web Configurator to configure the ZyWALL.
• Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and
supplementary information.
Documentation Feedback
Send your comments, questions or suggestions to: techwriters@zyxel.com.tw
Thank you!
The Technical Writing Team, ZyXEL Communications Corp.,
6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan.
Need More Help?
More help is available at www.zyxel.com.
• Download Library
Search for the latest product updates and documentation from this link. Read
the Tech Doc Overview to find out how to efficiently use the User Guide, Quick
Start Guide and Command Line Interface Reference Guide in order to better
understand how to use your product.
• Knowledge Base
If you have a specific question about your product, the answer may be here.
This is a collection of answers to previously asked questions about ZyXEL
products.
• Forum
This contains discussions on ZyXEL products. Learn from others who use ZyXEL
products and share your experiences as well.
Customer Support
Should problems arise that cannot be solved by the methods listed above, you
should contact your vendor. If you cannot contact your vendor, then contact a
ZyXEL office for the region in which you bought the device.
See http://www.zyxel.com/web/contact_us.php for contact information. Please
have the following information ready when you contact an office.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Disclaimer
Graphics in this book may differ slightly from the product due to differences in
operating systems, operating system versions, or if you installed updated
firmware/software for your device. Every effort has been made to ensure that the
information in this manual is accurate.
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL may be referred to as the “ZyWALL”, the “device”, the “system” or
the “product” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example,
[ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the
[ENTER] key. “Select” or “choose” means for you to use one of the predefined
choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For
example, Maintenance > Log > Log Setting means you first click
Maintenance in the navigation panel, then the Log sub menu and finally the
Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value.
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may
denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other
words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon
is not an exact representation of your device.
[Figure icons: ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router]
Safety Warnings
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right
supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug
to the power adaptor first before connecting it to a power outlet.
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power
source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN
INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Dispose them at the applicable collection point for the recycling of electrical and
electronic equipment. For detailed information about recycling of this product, please
contact your local city office, your household waste disposal service or the store where
you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
Your product is marked with this symbol, which is known as the WEEE mark. WEEE
stands for Waste Electronics and Electrical Equipment. It means that used electrical
and electronic products should not be mixed with general waste. Used electrical and
electronic equipment should be treated separately.
Contents Overview
User’s Guide
Introducing the ZyWALL
Features and Applications
Web Configurator
Installation Setup Wizard
Quick Setup
Configuration Basics
Tutorials
L2TP VPN Example
Technical Reference
Dashboard
Monitor
Registration
Signature Update
Interfaces
Trunks
Policy and Static Routes
Routing Protocols
Zones
DDNS
NAT
HTTP Redirect
ALG
IP/MAC Binding
Authentication Policy
Firewall
IPSec VPN
SSL VPN
SSL User Screens
SSL User Application Screens
SSL User File Sharing
ZyWALL SecuExtender
L2TP VPN
Application Patrol
Anti-Virus
IDP
ADP
Content Filtering
Content Filter Reports
Anti-Spam
Device HA
User/Group
Addresses
Services
Schedules
AAA Server
Authentication Method
Certificates
ISP Accounts
SSL Application
Endpoint Security
System
Log and Report
File Manager
Diagnostics
Reboot
Shutdown
Troubleshooting
Product Specifications
Table of Contents
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
Part I: User’s Guide
Chapter 1
Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Rack-mounted Installation
1.2.1 Rack-Mounted Installation Procedure
1.3 Front Panel
1.3.1 Front Panel LEDs
1.4 Management Overview
1.5 Starting and Stopping the ZyWALL
Chapter 2
Features and Applications
2.1 Features
2.2 Applications
2.2.1 VPN Connectivity
2.2.2 SSL VPN Network Access
2.2.3 User-Aware Access Control
2.2.4 Multiple WAN Interfaces
2.2.5 Device HA
Chapter 3
Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Screens Overview
3.3.1 Title Bar
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Tables and Lists
Chapter 4
Installation Setup Wizard
4.1 Installation Setup Wizard Screens
4.1.1 Internet Access Setup - WAN Interface
4.1.2 Internet Access: Ethernet
4.1.3 Internet Access: PPPoE
4.1.4 Internet Access: PPTP
4.1.5 ISP Parameters
4.1.6 Internet Access Setup - Second WAN Interface
4.1.7 Internet Access - Finish
4.2 Device Registration
Chapter 5
Quick Setup
5.1 Quick Setup Overview
5.2 WAN Interface Quick Setup
5.2.1 Choose an Ethernet Interface
5.2.2 Select WAN Type
5.2.3 Configure WAN Settings
5.2.4 WAN and ISP Connection Settings
5.2.5 Quick Setup Interface Wizard: Summary
5.3 VPN Quick Setup
5.4 VPN Setup Wizard: Wizard Type
5.5 VPN Express Wizard - Scenario
5.5.1 VPN Express Wizard - Configuration
5.5.2 VPN Express Wizard - Summary
5.5.3 VPN Express Wizard - Finish
5.5.4 VPN Advanced Wizard - Scenario
5.5.5 VPN Advanced Wizard - Phase 1 Settings
5.5.6 VPN Advanced Wizard - Phase 2
5.5.7 VPN Advanced Wizard - Summary
5.5.8 VPN Advanced Wizard - Finish
Chapter 6
Configuration Basics
6.1 Object-based Configuration
6.2 Zones, Interfaces, and Physical Ports
6.2.1 Interface Types
6.2.2 Default Interface and Zone Configuration
6.3 Terminology in the ZyWALL
6.4 Packet Flow
6.4.1 ZLD 2.20 Packet Flow Enhancements
6.4.2 Routing Table Checking Flow Enhancements
6.4.3 NAT Table Checking Flow
6.5 Feature Configuration Overview
6.5.1 Feature
6.5.2 Licensing Registration
6.5.3 Licensing Update
6.5.4 Interface
6.5.5 Trunks
6.5.6 Policy Routes
6.5.7 Static Routes
6.5.8 Zones
6.5.9 DDNS
6.5.10 NAT
6.5.11 HTTP Redirect
6.5.12 ALG
6.5.13 Auth. Policy
6.5.14 Firewall
6.5.15 IPSec VPN
6.5.16 SSL VPN
6.5.17 L2TP VPN
6.5.18 Application Patrol
6.5.19 Anti-Virus
6.5.20 IDP
6.5.21 ADP
6.5.22 Content Filter
6.5.23 Anti-Spam
6.5.24 Device HA
6.6 Objects
6.6.1 User/Group
6.7 System
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM
6.7.2 Logs and Reports
6.7.3 File Manager
6.7.4 Diagnostics
6.7.5 Shutdown
Chapter 7
Tutorials
7.1 How to Configure Interfaces, Port Roles, and Zones
7.1.1 Configure a WAN Ethernet Interface
7.1.2 Configure the OPT Interface for a Local Network .....................................................119
7.1.3 Configure Zones ........................... .... ... ... ... .... ... ... ... ................................................. . 120
7.1.4 Configure Port Roles ................................................................................................ 121
7.2 How to Configure a Cellular Interface . ... .... ... ... ... .... ... ... ... .... .............................................. 122
7.3 How to Configure Load Balancing ..................................................................................... 124
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces ................................................ 124
7.3.2 Configure the WAN Trunk ........................................................................................ 125
7.4 How to Set Up a Wireless LAN .......................................................................................... 127
7.4.1 Set Up User Accounts .............................................................................................. 127
7.4.2 Create the WLAN Interface ............................................................ 128
7.4.3 Set Up the Wireless Clients to Use the WLAN Interface .......................................... 131
7.5 How to Set Up an IPSec VPN Tunnel ................................................................................ 143
7.5.1 Set Up the VPN Gateway ......................................................................................... 144
7.5.2 Set Up the VPN Connection ..................................................................................... 144
7.5.3 Configure Security Policies for the VPN Tunnel ............................... 146
7.6 How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator ................. 146
7.7 How to Configure User-aware Access Control .................................................................. 148
7.7.1 Set Up User Accounts .............................................................................................. 149
7.7.2 Set Up User Groups ................................................................................................. 150
7.7.3 Set Up User Authentication Using the RADIUS Server ....................... 150
7.7.4 Web Surfing Policies With Bandwidth Restrictions .................................................. 152
7.7.5 Set Up MSN Policies ................................................................................................ 155
7.7.6 Set Up Firewall Rules ............................................................................................... 156
7.8 How to Use a RADIUS Server to Authenticate User Accounts based on Groups ............. 157
7.9 How to Use Endpoint Security and Authentication Policies ............................................... 159
7.9.1 Configure the Endpoint Security Objects .................................................................159
7.9.2 Configure the Authentication Policy ......................................................................... 161
7.10 How to Configure Service Control ................................................................................... 162
7.10.1 Allow HTTPS Administrator Access Only From the LAN ....................................... 163
7.11 How to Allow Incoming H.323 Peer-to-peer Calls ............................................................ 165
7.11.1 Turn On the ALG .................................................................................................... 166
7.11.2 Set Up a NAT Policy For H.323 .............................................................................. 166
7.11.3 Set Up a Firewall Rule For H.323 ........................................................................... 168
7.12 How to Allow Public Access to a Web Server ................................... 169
7.12.1 Create the Address Objects ...................................................................................170
7.12.2 Configure NAT ........................................................................................................ 170
7.12.3 Set Up a Firewall Rule ........................................................................................... 171
7.13 How to Use an IPPBX on the DMZ ..................................................... 172
7.13.1 Turn On the ALG .................................................................................................... 174
7.13.2 Create the Address Objects ...................................................................................174
7.13.3 Setup a NAT Policy for the IPPBX ......................................................................... 175
7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP .........................................................176
7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP ........................................................... 177
7.14 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic ............... 178
7.14.1 Create the Public IP Address Range Object ..................................... 178
7.14.2 Configure the Policy Route .................................................................................... 179
7.15 How to Use Active-Passive Device HA ........................................................................... 179
7.15.1 Before You Start ..................................................................................................... 180
7.15.2 Configure Device HA on the Master ZyWALL ........................................................181
7.15.3 Configure the Backup ZyWALL .............................................................................. 183
7.15.4 Deploy the Backup ZyWALL .................................................................................. 185
7.15.5 Check Your Device HA Setup ................................................................................ 185
Chapter 8
L2TP VPN Example...............................................................................................................187
8.1 L2TP VPN Example ...........................................................................................................187
8.2 Configuring the Default L2TP VPN Gateway Example ...................................................... 187
8.3 Configuring the Default L2TP VPN Connection Example .................................................. 189
8.4 Configuring the L2TP VPN Settings Example ...................................................................190
8.5 Configuring L2TP VPN in Windows Vista, XP, or 2000 ..................................................... 191
8.5.1 Configuring L2TP in Windows Vista ......................................................................... 191
8.5.2 Configuring L2TP in Windows XP ............................................................................201
8.5.3 Configuring L2TP in Windows 2000 ......................................................................... 207
Part II: Technical Reference................................................................ 225
Chapter 9
Dashboard............................................................................................................................227
9.1 Overview ................................................................................... 227
9.1.1 What You Can Do in this Chapter ................................................... 227
9.2 The Dashboard Screen ..................................................................................................... 227
9.2.1 The CPU Usage Screen ........................................................................................... 234
9.2.2 The Memory Usage Screen ............................................................. 235
9.2.3 The Session Usage Screen ............................................................. 236
9.2.4 The VPN Status Screen ................................................................. 237
9.2.5 The DHCP Table Screen ..........................................................................................237
9.2.6 The Number of Login Users Screen .................................................. 238
Chapter 10
Monitor..................................................................................................................................241
10.1 Overview .......................................................................................................................... 241
10.1.1 What You Can Do in this Chapter .......................................................................... 241
10.2 The Port Statistics Screen .............................................................................................. 242
10.2.1 The Port Statistics Graph Screen .......................................................................... 244
10.3 Interface Status Screen ...................................................................................................245
10.4 The Traffic Statistics Screen ............................................................................................ 248
10.5 The Session Monitor Screen .......................................................................................... 251
10.6 The DDNS Status Screen ................................................................................................254
10.7 IP/MAC Binding Monitor .................................................................................................. 254
10.8 The Login Users Screen ................................................................ 256
10.9 WLAN Interface Station Monitor Screen .......................................................................... 256
10.10 Cellular Status Screen ...................................................................................................258
10.11 USB Storage Screen ..................................................................................................... 260
10.12 Application Patrol Statistics ........................................................................................... 261
10.12.1 Application Patrol Statistics: General Setup ......................................................... 261
10.12.2 Application Patrol Statistics: Bandwidth Statistics ................................................ 262
10.12.3 Application Patrol Statistics: Protocol Statistics ................................................... 263
10.12.4 Application Patrol Statistics: Individual Protocol Statistics by Rule .....................264
10.13 The IPSec Monitor Screen ........................................................................................... 265
10.13.1 Regular Expressions in Searching IPSec SAs ..................................................... 267
10.14 The SSL Connection Monitor Screen ............................................................................ 268
10.15 L2TP over IPSec Session Monitor Screen .................................................................... 269
10.16 The Anti-Virus Statistics Screen .................................................................................... 270
10.17 The IDP Statistics Screen .............................................................................................. 272
10.18 The Content Filter Statistics Screen ..............................................................................274
10.19 Content Filter Cache Screen ......................................................................................... 275
10.20 The Anti-Spam Statistics Screen ................................................................................... 278
10.21 The Anti-Spam Status Screen ....................................................................................... 280
10.22 Log Screen ....................................................................................................................281
Chapter 11
Registration...........................................................................................................................285
11.1 Overview .......................................................................................................................... 285
11.1.1 What You Can Do in this Chapter ................................................... 285
11.1.2 What you Need to Know .........................................................................................285
11.2 The Registration Screen .................................................................................................. 287
11.3 The Service Screen ......................................................................................................... 289
Chapter 12
Signature Update..................................................................................................................291
12.1 Overview .......................................................................................................................... 291
12.1.1 What You Can Do in this Chapter .......................................................................... 291
12.1.2 What you Need to Know ........................................................................................ 291
12.2 The Antivirus Update Screen ........................................................................................... 292
12.3 The IDP/AppPatrol Update Screen .................................................................................. 293
12.4 The System Protect Update Screen ............................................................................... 295
Chapter 13
Interfaces...............................................................................................................................297
13.1 Interface Overview ........................................................................................................... 297
13.1.1 What You Can Do in this Chapter .......................................................................... 297
13.1.2 What You Need to Know ........................................................................................ 298
13.2 Port Role ......................................................................................................................... 301
13.3 Ethernet Summary Screen .............................................................................................. 302
13.3.1 Ethernet Edit .........................................................................................................304
13.3.2 Object References ................................................................................................. 312
13.4 PPP Interfaces ................................................................................................................ 313
13.4.1 PPP Interface Summary ......................................................................................... 314
13.4.2 PPP Interface Add or Edit ..................................................................................... 316
13.5 Cellular Configuration Screen (3G) ................................................................................. 320
13.5.1 Cellular Add/Edit Screen ............................................................. 322
13.6 WLAN Interface General Screen ..................................................................................... 329
13.6.1 WLAN Add/Edit Screen ................................................................ 332
13.6.2 WLAN Add/Edit: WEP Security ....................................................... 338
13.6.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security ...................................................339
13.6.4 WLAN Add/Edit: WPA/WPA2 Security ...................................................................340
13.7 WLAN Interface MAC Filter ............................................................................................ 342
13.8 VLAN Interfaces ............................................................................................................. 344
13.8.1 VLAN Summary Screen ................................................................. 346
13.8.2 VLAN Add/Edit ...................................................................................................... 347
13.9 Bridge Interfaces ............................................................................................................ 354
13.9.1 Bridge Summary ....................................................................................................356
13.9.2 Bridge Add/Edit ..................................................................................................... 357
13.10 Auxiliary Interface ......................................................................................................... 363
13.10.1 Auxiliary Interface Overview ................................................................................. 363
13.10.2 Auxiliary ................................................................................................................ 363
13.11 Virtual Interfaces ...................................................................... 365
13.11.1 Virtual Interfaces Add/Edit ......................................................... 366
13.12 Interface Technical Reference ....................................................................................... 367
Chapter 14
Trunks...................................................................................................................................373
14.1 Overview .......................................................................................................................... 373
14.1.1 What You Can Do in this Chapter .......................................................................... 373
14.1.2 What You Need to Know ........................................................................................ 374
14.2 The Trunk Summary Screen ............................................................ 378
14.3 Configuring a Trunk ........................................................................................................ 379
14.4 Trunk Technical Reference .............................................................................................. 381
Chapter 15
Policy and Static Routes......................................................................................................383
15.1 Policy and Static Routes Overview .................................................................................. 383
15.1.1 What You Can Do in this Chapter .......................................................................... 383
15.1.2 What You Need to Know ....................................................................................... 384
15.2 Policy Route Screen ........................................................................................................ 386
15.2.1 Policy Route Edit Screen ....................................................................................... 389
15.3 IP Static Route Screen ....................................................................................................393
15.3.1 Static Route Add/Edit Screen ................................................................................. 394
15.4 Policy Routing Technical Reference ................................................................................ 395
Chapter 16
Routing Protocols .................................................................................................................399
16.1 Routing Protocols Overview ............................................................................................ 399
16.1.1 What You Can Do in this Chapter .......................................................................... 399
16.1.2 What You Need to Know ........................................................................................ 399
16.2 The RIP Screen ........................................................................... 400
16.3 The OSPF Screen ......................................................................... 401
16.3.1 Configuring the OSPF Screen ....................................................... 405
16.3.2 OSPF Area Add/Edit Screen .................................................................................408
16.3.3 Virtual Link Add/Edit Screen ................................................................................. 409
16.4 Routing Protocol Technical Reference ............................................................................ 410
Chapter 17
Zones .....................................................................................................................................413
17.1 Zones Overview ...............................................................................................................413
17.1.1 What You Can Do in this Chapter .......................................................................... 413
17.1.2 What You Need to Know ........................................................................................ 414
17.2 The Zone Screen .......................................................................... 415
17.3 Zone Edit ........................................................................................................................ 416
Chapter 18
DDNS......................................................................................................................................417
18.1 DDNS Overview .............................................................................................................. 417
18.1.1 What You Can Do in this Chapter .......................................................................... 417
18.1.2 What You Need to Know ........................................................................................ 417
18.2 The DDNS Screen ...........................................................................................................418
18.2.1 The Dynamic DNS Add/Edit Screen ...................................................................... 420
Chapter 19
NAT.........................................................................................................................................423
19.1 NAT Overview .................................................................................................................. 423
19.1.1 What You Can Do in this Chapter .......................................................................... 423
19.1.2 What You Need to Know ........................................................................................ 424
19.2 The NAT Screen ........................................................................... 424
19.2.1 The NAT Add/Edit Screen ............................................................. 426
19.3 NAT Technical Reference ................................................................................................429
Chapter 20
HTTP Redirect......................................................................................................................433
20.1 Overview .......................................................................................................................... 433
20.1.1 What You Can Do in this Chapter .......................................................................... 433
20.1.2 What You Need to Know ........................................................................................ 434
20.2 The HTTP Redirect Screen ............................................................................................. 435
20.2.1 The HTTP Redirect Edit Screen ............................................................................. 436
Chapter 21
ALG ........................................................................................................................................439
21.1 ALG Overview ................................................................................................................. 439
21.1.1 What You Can Do in this Chapter .......................................................................... 439
21.1.2 What You Need to Know ........................................................................................ 440
21.1.3 Before You Begin ...................................................................................................443
21.2 The ALG Screen .............................................................................................................. 443
21.3 ALG Technical Reference ................................................................................................ 445
Chapter 22
IP/MAC Binding....................................................................................................................447
22.1 IP/MAC Binding Overview ............................................................................................... 447
22.1.1 What You Can Do in this Chapter .......................................................................... 447
22.1.2 What You Need to Know ........................................................................................ 448
22.2 IP/MAC Binding Summary ............................................................................................... 448
22.2.1 IP/MAC Binding Edit ............................................................................................... 449
22.2.2 Static DHCP Edit .................................................................................................... 450
22.3 IP/MAC Binding Exempt List ........................................................................................... 451
Chapter 23
Authentication Policy...........................................................................................................453
23.1 Overview .......................................................................................................................... 453
23.1.1 What You Can Do in this Chapter .......................................................................... 453
23.1.2 What You Need to Know ........................................................................................ 454
23.2 Authentication Policy Screen ........................................................................................... 454
23.2.1 Adding Exceptional Services .................................................................................. 456
23.2.2 Creating/Editing an Authentication Policy .............................................................. 457
Chapter 24
Firewall...................................................................................................................................461
24.1 Overview .......................................................................................................................... 461
24.1.1 What You Can Do in this Chapter .......................................................................... 461
24.1.2 What You Need to Know ........................................................................................ 462
24.1.3 Firewall Rule Example Applications ....................................................................... 464
24.1.4 Firewall Rule Configuration Example ..................................................................... 467
24.2 The Firewall Screen ..................................................................... 469
24.2.1 Configuring the Firewall Screen .................................................... 470
24.2.2 The Firewall Add/Edit Screen ................................................................................. 473
24.3 The Session Limit Screen ................................................................................................474
24.3.1 The Session Limit Add/Edit Screen ........................................................................ 476
Chapter 25
IPSec VPN..............................................................................................................................479
25.1 IPSec VPN Overview .......................................................................................................479
25.1.1 What You Can Do in this Chapter .......................................................................... 479
25.1.2 What You Need to Know ........................................................................................ 480
25.1.3 Before You Begin ...................................................................................................482
25.2 The VPN Connection Screen .......................................................................................... 482
25.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 484
25.2.2 The VPN Connection Add/Edit Manual Key Screen .............................................. 491
25.3 The VPN Gateway Screen .............................................................................................. 494
25.3.1 The VPN Gateway Add/Edit Screen ...................................................................... 495
25.4 VPN Concentrator ..........................................................................................................503
25.4.1 IPSec VPN Concentrator Example ........................................................................ 503
25.4.2 VPN Concentrator Screen ...................................................................................... 506
25.4.3 The VPN Concentrator Add/Edit Screen .......................................... 506
25.5 IPSec VPN Background Information ............................................................................... 507
Chapter 26
SSL VPN.................................................................................................................................521
26.1 Overview .......................................................................................................................... 521
26.1.1 What You Can Do in this Chapter .......................................................................... 521
26.1.2 What You Need to Know ........................................................................................ 521
26.2 The SSL Access Privilege Screen ................................................................................... 524
26.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 526
26.3 The SSL Global Setting Screen ....................................................... 529
26.3.1 How to Upload a Custom Logo .............................................................................. 531
26.4 Establishing an SSL VPN Connection ............................................................................. 532
Chapter 27
SSL User Screens.................................................................................................................535
27.1 Overview .......................................................................................................................... 535
27.1.1 What You Need to Know ........................................................................................ 535
27.2 Remote User Login ..........................................................................................................536
27.3 The SSL VPN User Screens ............................................................ 541
27.4 Bookmarking the ZyWALL ............................................................................................... 542
27.5 Logging Out of the SSL VPN User Screens ....................................................................542
Chapter 28
SSL User Application Screens ............................................................................................545
28.1 SSL User Application Screens Overview ........................................................................ 545
28.2 The Application Screen ...................................................................................................545
Chapter 29
SSL User File Sharing ..........................................................................................................547
29.1 Overview .......................................................................................................................... 547
29.1.1 What You Need to Know ........................................................................................ 547
29.2 The Main File Sharing Screen ......................................................................................... 548
29.3 Opening a File or Folder ............................................................ 548
29.3.1 Downloading a File ............................................................ 550
29.3.2 Saving a File ..........................................................................................................551
29.4 Creating a New Folder ............................................................ 551
29.5 Renaming a File or Folder ............................................................................................... 552
29.6 Deleting a File or Folder ..................................................................................................552
29.7 Uploading a File ............................................................ 553
Chapter 30
ZyWALL SecuExtender.........................................................................................................555
30.1 The ZyWALL SecuExtender Icon .................................................................................... 555
30.2 Statistics .......................................................................................................................... 556
30.3 View Log ..........................................................................................................................557
30.4 Suspend and Resume the Connection ............................................................ 557
30.5 Stop the Connection ........................................................................................................ 558
30.6 Uninstalling the ZyWALL SecuExtender .......................................................................... 558
Chapter 31
L2TP VPN...............................................................................................................................559
31.1 Overview .......................................................................................................................... 559
31.1.1 What You Can Do in this Chapter .......................................................................... 559
31.1.2 What You Need to Know ........................................................................................ 559
31.2 L2TP VPN Screen ............................................................ 561
Chapter 32
Application Patrol.................................................................................................................563
32.1 Overview .......................................................................................................................... 563
32.1.1 What You Can Do in this Chapter .......................................................................... 563
32.1.2 What You Need to Know ....................................................................................... 564
32.1.3 Application Patrol Bandwidth Management Examples ........................................... 569
32.2 Application Patrol General Screen ..................................................................................573
32.3 Application Patrol Applications ........................................................................................ 574
32.3.1 The Application Patrol Edit Screen ........................................................................ 575
32.3.2 The Application Patrol Policy Edit Screen ............................................................. 579
32.4 The Other Applications Screen ........................................................................................ 582
32.4.1 The Other Applications Add/Edit Screen ................................................................ 585
Chapter 33
Anti-Virus...............................................................................................................................589
33.1 Overview .......................................................................................................................... 589
33.1.1 What You Can Do in this Chapter .......................................................................... 589
33.1.2 What You Need to Know ........................................................................................ 590
33.1.3 Before You Begin ...................................................................................................592
33.2 Anti-Virus Summary Screen ............................................................ 592
33.2.1 Anti-Virus Policy Add or Edit Screen ......................................................................595
33.3 Anti-Virus Black List .........................................................................................................597
33.4 Anti-Virus Black List or White List Add/Edit ..................................................................... 598
33.5 Anti-Virus White List ............................................................ 599
33.6 Signature Searching ........................................................................................................ 600
33.7 Anti-Virus Technical Reference ........................................................................................ 603
Chapter 34
IDP.........................................................................................................................................605
34.1 Overview .......................................................................................................................... 605
34.1.1 What You Can Do in this Chapter .......................................................................... 605
34.1.2 What You Need To Know ....................................................................................... 605
34.1.3 Before You Begin ...................................................................................................606
34.2 The IDP General Screen ................................................................................................. 607
34.3 Introducing IDP Profiles ................................................................................................. 609
34.3.1 Base Profiles ..........................................................................................................610
34.4 The Profile Summary Screen ...........................................................................................611
34.5 Creating New Profiles ...................................................................................................... 612
34.5.1 Procedure To Create a New Profile ........................................................................ 612
34.6 Profiles: Packet Inspection ............................................................................................. 613
34.6.1 Profile > Group View Screen .................................................................................. 613
34.6.2 Policy Types ........................................................................................................... 616
34.6.3 IDP Service Groups ...............................................................................................617
34.6.4 Profile > Query View Screen .................................................................................. 618
34.6.5 Query Example ...................................................................................................... 621
34.7 Introducing IDP Custom Signatures ............................................................................... 623
34.7.1 IP Packet Header ...................................................................................................623
34.8 Configuring Custom Signatures ............................................................ 624
34.8.1 Creating or Editing a Custom Signature ................................................................ 626
34.8.2 Custom Signature Example ............................................................ 632
34.8.3 Applying Custom Signatures ..................................................................................634
34.8.4 Verifying Custom Signatures .................................................................................. 635
34.9 IDP Technical Reference ................................................................................................. 636
Chapter 35
ADP .......................................................................................................................................641
35.1 Overview .......................................................................................................................... 641
35.1.1 ADP and IDP Comparison ..................................................................................... 641
35.1.2 What You Can Do in this Chapter ......................................................................... 641
35.1.3 What You Need To Know ....................................................................................... 641
35.1.4 Before You Begin ...................................................................................................642
35.2 The ADP General Screen ............................................................ 643
35.3 The Profile Summary Screen .......................................................................................... 644
35.3.1 Base Profiles ..........................................................................................................645
35.3.2 Configuring The ADP Profile Summary Screen .....................................................645
35.3.3 Creating New ADP Profiles ............................................................ 646
35.3.4 Traffic Anomaly Profiles ........................................................................................ 646
35.3.5 Protocol Anomaly Profiles ............................................................ 649
35.3.6 Protocol Anomaly Configuration ............................................................................. 649
35.4 ADP Technical Reference ................................................................................................ 653
Chapter 36
Content Filtering..................................................................................................................663
36.1 Overview .......................................................................................................................... 663
36.1.1 What You Can Do in this Chapter .......................................................................... 663
36.1.2 What You Need to Know ........................................................................................ 663
36.1.3 Before You Begin ...................................................................................................665
36.2 Content Filter General Screen ............................................................ 665
36.3 Content Filter Policy Add or Edit Screen ......................................................................... 668
36.4 Content Filter Profile Screen ..........................................................................................670
36.5 Content Filter Categories Screen ................................................................................... 670
36.5.1 Content Filter Blocked and Warning Messages ..................................................... 682
36.6 Content Filter Customization Screen .............................................................................. 683
36.7 Content Filter Technical Reference ................................................................................. 685
Chapter 37
Content Filter Reports..........................................................................................................687
37.1 Overview .......................................................................................................................... 687
37.2 Viewing Content Filter Reports ............................................................ 687
Chapter 38
Anti-Spam..............................................................................................................................695
38.1 Overview .......................................................................................................................... 695
38.1.1 What You Can Do in this Chapter .......................................................................... 695
38.1.2 What You Need to Know ........................................................................................ 695
38.2 Before You Begin ............................................................................................................. 697
38.3 The Anti-Spam General Screen ....................................................................................... 697
38.3.1 The Anti-Spam Policy Add or Edit Screen ............................................................ 699
38.4 The Anti-Spam Black List Screen .................................................................................... 701
38.4.1 The Anti-Spam Black or White List Add/Edit Screen ............................................................ 703
38.4.2 Regular Expressions in Black or White List Entries ............................................... 704
38.5 The Anti-Spam White List Screen ....................................................................................705
38.6 The DNSBL Screen ......................................................................................................... 706
38.7 Anti-Spam Technical Reference ...................................................................................... 708
Chapter 39
Device HA..............................................................................................................................713
39.1 Overview .......................................................................................................................... 713
39.1.1 What You Can Do in this Chapter .......................................................................... 713
39.1.2 What You Need to Know ........................................................................................ 713
39.1.3 Before You Begin ...................................................................................................714
39.2 Device HA General ..........................................................................................................715
39.3 The Active-Passive Mode Screen ................................................................................... 716
39.3.1 Configuring Active-Passive Mode Device HA ........................................................718
39.4 Configuring an Active-Passive Mode Monitored Interface ............................................... 721
39.5 The Legacy Mode Screen ............................................................................................... 723
39.6 Configuring the Legacy Mode Screen ............................................................ 724
39.7 Device HA Technical Reference ...................................................................................... 728
Chapter 40
User/Group............................................................................................................................735
40.1 Overview .......................................................................................................................... 735
40.1.1 What You Can Do in this Chapter .......................................................................... 735
40.1.2 What You Need To Know ....................................................................................... 735
40.2 User Summary Screen .................................................................................................... 738
40.2.1 User Add/Edit Screen ............................................................ 738
40.3 User Group Summary Screen ......................................................................................... 741
40.3.1 Group Add/Edit Screen .......................................................................................... 742
40.4 Setting Screen ................................................................................................................ 743
40.4.1 Default User Authentication Timeout Settings Edit Screens ..................................746
40.4.2 User Aware Login Example ............................................................ 748
40.5 User/Group Technical Reference ............................................................ 749
Chapter 41
Addresses.............................................................................................................................751
41.1 Overview .......................................................................................................................... 751
41.1.1 What You Can Do in this Chapter .......................................................................... 751
41.1.2 What You Need To Know ....................................................................................... 751
41.2 Address Summary Screen ............................................................ 751
41.2.1 Address Add/Edit Screen ....................................................................................... 753
41.3 Address Group Summary Screen ............................................................ 754
41.3.1 Address Group Add/Edit Screen ............................................................................ 755
Chapter 42
Services.................................................................................................................................757
42.1 Overview .......................................................................................................................... 757
42.1.1 What You Can Do in this Chapter .......................................................................... 757
42.1.2 What You Need to Know ........................................................................................ 757
42.2 The Service Summary Screen ............................................................ 758
42.2.1 The Service Add/Edit Screen ............................................................ 760
42.3 The Service Group Summary Screen ............................................................ 760
42.3.1 The Service Group Add/Edit Screen ...................................................................... 762
Chapter 43
Schedules..............................................................................................................................763
43.1 Overview .......................................................................................................................... 763
43.1.1 What You Can Do in this Chapter .......................................................................... 763
43.1.2 What You Need to Know ........................................................................................ 763
43.2 The Schedule Summary Screen ...................................................................................... 764
43.2.1 The One-Time Schedule Add/Edit Screen ............................................................. 765
43.2.2 The Recurring Schedule Add/Edit Screen ............................................................ 766
Chapter 44
AAA Server...........................................................................................................................769
44.1 Overview .......................................................................................................................... 769
44.1.1 Directory Service (AD/LDAP) ............................................................ 769
44.1.2 RADIUS Server ...................................................................................................... 770
44.1.3 ASAS ...................................................................................................................... 770
44.1.4 What You Can Do in this Chapter .......................................................................... 770
44.1.5 What You Need To Know ....................................................................................... 771
44.2 Active Directory or LDAP Server Summary ..................................................................... 773
44.2.1 Adding an Active Directory or LDAP Server ............................................................ 773
44.3 RADIUS Server Summary ............................................................................................... 775
44.3.1 Adding a RADIUS Server ...................................................................................... 777
Chapter 45
Authentication Method.........................................................................................................779
45.1 Overview .......................................................................................................................... 779
45.1.1 What You Can Do in this Chapter .......................................................................... 779
45.1.2 Before You Begin ...................................................................................................779
45.1.3 Example: Selecting a VPN Authentication Method ................................................ 779
45.2 Authentication Method Objects ............................................................ 780
45.2.1 Creating an Authentication Method Object ............................................................ 781
Chapter 46
Certificates ............................................................................................................................785
46.1 Overview .......................................................................................................................... 785
46.1.1 What You Can Do in this Chapter .......................................................................... 785
46.1.2 What You Need to Know ........................................................................................ 785
46.1.3 Verifying a Certificate .............................................................................................787
46.2 The My Certificates Screen ............................................................................................. 789
46.2.1 The My Certificates Add Screen ............................................................................ 790
46.2.2 The My Certificates Edit Screen ............................................................ 795
46.2.3 The My Certificates Import Screen ........................................................................ 798
46.3 The Trusted Certificates Screen ..................................................................................... 799
46.3.1 The Trusted Certificates Edit Screen .................................................................... 800
46.3.2 The Trusted Certificates Import Screen ................................................................804
46.4 Certificates Technical Reference ..................................................................................... 805
Chapter 47
ISP Accounts.........................................................................................................................807
47.1 Overview .......................................................................................................................... 807
47.1.1 What You Can Do in this Chapter .......................................................................... 807
47.2 ISP Account Summary .................................................................................................... 807
47.2.1 ISP Account Edit ................................................................................................... 808
Chapter 48
SSL Application ....................................................................................................................811
48.1 Overview ...........................................................................................................................811
48.1.1 What You Can Do in this Chapter ...........................................................................811
48.1.2 What You Need to Know .........................................................................................811
48.1.3 Example: Specifying a Web Site for Access .......................................................... 812
48.2 The SSL Application Screen ............................................................ 813
48.2.1 Creating/Editing a Web-based SSL Application Object ......................................... 814
48.2.2 Creating/Editing a File Sharing SSL Application Object ............................................................ 816
Chapter 49
Endpoint Security.................................................................................................................819
49.1 Overview .......................................................................................................................... 819
49.1.1 What You Can Do in this Chapter .......................................................................... 820
49.1.2 What You Need to Know ........................................................................................ 820
49.2 Endpoint Security Screen ............................................................ 821
49.3 Endpoint Security Add/Edit .............................................................................................. 823
Chapter 50
System.................................................................................................................................829
50.1 Overview .......................................................................................................................... 829
50.1.1 What You Can Do in this Chapter .......................................................................... 829
50.2 Host Name ....................................................................................................................... 830
50.3 USB Storage .................................................................................................................... 831
50.4 Date and Time ................................................................................................................ 832
50.4.1 Pre-defined NTP Time Servers List ............................................................ 834
50.4.2 Time Server Synchronization ................................................................................. 835
50.5 Console Port Speed ......................................................................................................... 836
50.6 DNS Overview ................................................................................................................. 836
50.6.1 DNS Server Address Assignment .......................................................................... 837
50.6.2 Configuring the DNS Screen ............................................................ 837
50.6.3 Address Record .................................................................................................... 840
50.6.4 PTR Record ........................................................................................................... 840
50.6.5 Adding an Address/PTR Record ............................................................................ 840
50.6.6 Domain Zone Forwarder ............................................................ 841
50.6.7 Adding a Domain Zone Forwarder ............................................................ 841
50.6.8 MX Record ............................................................................................................842
50.6.9 Adding a MX Record ..............................................................................................843
50.6.10 Adding a DNS Service Control Rule ............................................................ 843
50.7 WWW Overview ..............................................................................................................844
50.7.1 Service Access Limitations .................................................................................... 845
50.7.2 System Timeout ..................................................................................................... 845
50.7.3 HTTPS ...................................................................................................................845
50.7.4 Configuring WWW Service Control ........................................................................ 846
50.7.5 Service Control Rules ............................................................................................ 850
50.7.6 Customizing the WWW Login Page ....................................................................... 850
50.7.7 HTTPS Example ....................................................................................................854
50.8 SSH .............................................................................................................................. 861
50.8.1 How SSH Works ............................................................ 862
50.8.2 SSH Implementation on the ZyWALL ..................................................................... 863
50.8.3 Requirements for Using SSH ................................................................................. 863
50.8.4 Configuring SSH ....................................................................................................863
50.8.5 Secure Telnet Using SSH Examples ...................................................................... 865
50.9 Telnet .............................................................................................................................. 866
50.9.1 Configuring Telnet .................................................................................................. 867
50.10 FTP ............................................................................................................................... 868
50.10.1 Configuring FTP ...................................................................................................868
50.11 SNMP ............................................................................................................ 870
50.11.1 Supported MIBs ........................................................................................... 872
50.11.2 SNMP Traps ............................................................................................... 872
50.11.3 Configuring SNMP ......................................................................................... 872
50.12 Dial-in Management ......................................................................................................874
50.12.1 Configuring Dial-in Mgmt ...................................................................................... 875
50.13 Vantage CNM ...............................................................................................................876
50.13.1 Configuring Vantage CNM ................................................................................... 877
50.14 Language Screen .........................................................................................................879
Chapter 51
Log and Report ...................................................................................................................881
51.1 Overview .......................................................................................................................... 881
51.1.1 What You Can Do In this Chapter .......................................................................... 881
51.2 Email Daily Report ..........................................................................................................881
51.3 Log Setting Screens ....................................................................................................... 883
51.3.1 Log Setting Summary ............................................................................................. 884
51.3.2 Edit System Log Settings ......................................................................................885
51.3.3 Edit Log on USB Storage Setting ........................................................................ 890
51.3.4 Edit Remote Server Log Settings .......................................................................... 892
51.3.5 Active Log Summary Screen ............................................................................... 894
Chapter 52
File Manager.........................................................................................................................897
52.1 Overview .......................................................................................................................... 897
52.1.1 What You Can Do in this Chapter .......................................................................... 897
52.1.2 What you Need to Know ........................................................................................ 897
52.2 The Configuration File Screen ............................................................................. 900
52.3 The Firmware Package Screen ...................................................................................... 904
52.4 The Shell Script Screen ................................................................................... 906
Chapter 53
Diagnostics...........................................................................................................................909
53.1 Overview .......................................................................................................................... 909
53.1.1 What You Can Do in this Chapter .......................................................................... 909
53.2 The Diagnostic Screen ....................................................................................................909
53.2.1 The Diagnostics Files Screen ................................................................................ 910
53.3 The Packet Capture Screen .............................................................................................911
53.3.1 The Packet Capture Files Screen .......................................................................... 914
53.3.2 Example of Viewing a Packet Capture File ................................................................ 915
53.4 Core Dump Screen ..........................................................................................................916
53.4.1 Core Dump Files Screen ................................................................................... 916
53.5 The System Log Screen .................................................................................................. 917
Chapter 54
Reboot....................................................................................................................................919
54.1 Overview .......................................................................................................................... 919
54.1.1 What You Need To Know ....................................................................................... 919
54.2 The Reboot Screen .........................................................................................................919
Chapter 55
Shutdown...............................................................................................................................921
55.1 Overview .......................................................................................................................... 921
55.1.1 What You Need To Know ....................................................................................... 921
55.2 The Shutdown Screen ..................................................................................................... 921
Chapter 56
Troubleshooting....................................................................................................................923
56.1 Resetting the ZyWALL .....................................................................................................940
56.2 Getting More Troubleshooting Help ................................................................................. 941
Chapter 57
Product Specifications.........................................................................................................943
57.1 3G or WLAN PCMCIA Card Installation .......................................................................... 952
57.2 Power Adaptor Specifications ..........................................................................................952
Appendix A Log Descriptions...............................................................................................955
Appendix B Common Services...........................................................................................1017
Appendix C Displaying Anti-Virus Alert Messages in Windows..........................................1021
Appendix D Importing Certificates......................................................................................1027
Appendix E Wireless LANs ................................................................................................1053
Appendix F Open Software Announcements.....................................................................1069
Appendix G Legal Information............................................................................................1127
Index.....................................................................................................................................1131