Zyxel ZYWALL USG 1000 installation guide

ZyWALL USG 1000

Unified Security Gateway

Default Login Details

LAN Port P1
IP Address https://192.168.1.1
User Name admin
Password 1234

www.zyxel.com

Firmware Version 2.20
Edition 2, 9/2010

www.zyxel.com

Copyright © 2010
ZyXEL Communications Corporation

About This User's Guide

About This User's Guide

Intended Audience

This manual is intended for people who want to want to configure the ZyWALL
using the Web Configurator.

How To Use This Guide

•Read Chapter 1 on page 33 chapter for an overview of features available on the
ZyWALL.

•Read Chapter 3 on page 47 for web browser requirements and an introduction
to the main components, icons and menus in the ZyWALL Web Configurator.

•Read Chapter 4 on page 65 if you’re using the installation wizard for first time
setup and you want more detailed information than what the real time online
help provides.

•Read Chapter 5 on page 75 if you’re using the quick setup wizards and y ou want
more detailed information than what the real time online help provides.

• It is highly recommended you read Chapter 6 on page 93 for detailed
information on essential terms us ed in the ZyWALL, what prerequisites are
needed to configure a feature and how to use that feature.

• It is highly recommended you read Chapter 7 on page 117 for ZyWALL
application examples.

• Subsequent chapters are arranged by menu item as defined in the Web
Configurator. Read each chapter carefully for detailed information on that menu
item.

• To find specific information in this guide, use the Contents Overview, the
Table of Contents, the Index, or search the PDF file. E-mail
techwriters@zyxel.com.tw if you cannot find the information you require.

Related Documentation

•Quick Start Guide
The Quick Start Guide is designed to show you how to make the ZyWALL

hardware connections and access the Web Configurator wizards. (See the
wizard real time help for information on configuring each screen.) It also
contains a connection diagram and package contents list.

•CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI)

to configure the ZyWALL.

Note: It is recommended you use the Web Configurator to configure the ZyWALL.

ZyWALL USG 1000 User’s Guide

3

About This User's Guide

• Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and

supplementary information.

Documentation Feedback

Send your comments, questions or suggestions to: techwriters@zyxel.com.tw

Thank you!

The Technical Writing Team, ZyXEL Communications Corp.,
6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan.

Need More Help?

More help is available at www.zyx el.com.

• Download Library
Search for the latest product updates and documentation from this link. Read

the Tech Doc Overview to find out how to efficiently use the User Guide, Quick
Start Guide and Command Line Interface Reference Guide in order to better
understand how to use your product.

• Knowledge Base
If you have a specific question about your product, the answer may be here.

This is a collection of answers to previously asked questions about ZyXEL
products.

•Forum
This contains discussions on ZyXEL prod ucts. Learn from others who use ZyXEL

products and share your experiences as well.

Customer Support

Should problems arise that cannot be solved by the methods listed above, you
should conta ct your vendor. If you cannot contact your vendor, then contact a
ZyXEL office for the region in which you bought the device.

4

ZyWALL USG 1000 User’s Guide

About This User's Guide

See http://www.zyxel.com/web/contact_us.php for contact information. Please
have the following informatio n ready when you contact an office.

• Product model and serial number.

•Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

Disclaimer

Graphics in this book may differ slightly from the product due to differences in
operating systems, operating system versions, or if you installed updated
firmware/software fo r y our dev ice. Ev ery effort has been made to ensur e that the
information in this manual is accurate.

ZyWALL USG 1000 User’s Guide

5

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this User’s Guide.

Warnings tell you about things that could harm you or your device.

Note: Notes tell you other important information (for example, other things you may

need to configure or helpful tips) or recommendations.

Syntax Conventions

• The ZyWALL may be referred to as the “ZyWALL”, the “device”, the “system” or
the “product” in this User’s Guide.

• Product labels, screen names, field labels and field choices are all in bold font.

Document Conventions

• A key stroke is denoted by square brackets and uppercase text, for example,
[ENTER] means the “enter” or “return” key on you r keyboard.

• “Enter” means for you to type one or more characters and then press the
[ENTER] key. “Select” or “choose” means for you to use one of the predefined
choices.

• A right angle bracket ( > ) within a screen name denotes a mouse click. For
example, Maintenance > Log > Log Setting means you first click

Maintenance in the navigation panel, then the Log sub menu and finally the
Log Setting tab to get to that screen.

• Units of measurement may denote the “metric” value or the “scientific” value.
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may
denote “1000000” or “1048576” and so on.

• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other
words”.

6

ZyWALL USG 1000 User’s Guide

Document Conventions

Icons Used in Figures

Figures in this User’s Guide may use the following generic icons. The ZyWALL icon
is not an exact representation of your device.

ZyWALL Computer Notebook computer

Server Firewall Telephone

Switch Router

ZyWALL USG 1000 User’s Guide

7

Safety Warnings

• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT store things on the device.

• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.

• Connect ONLY suitable accessories to the device.

• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.

• Make sure to connect the cables to the correct ports.

• Place connecting cables carefully so that no one will step on them or stumble over them.

• Always disconnect all cables from this device before servicing or disassembling.

• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right
supply voltage (for example, 110V AC in North America or 230V AC in Europe).

• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.

• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.

• If the power adaptor or cord is damaged, remove it from the device and the power
source.

• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.

• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.

• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN
INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Dispose them at the applicable collection point for the recycling of electrical and
electronic equipment. For detailed information about recycling of this product, please
contact your local city office, your household waste disposal service or the store where
you purchased the product.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.

Safety Warnings

8

Your product is marked with this symbol, which is known as the WEEE mark. WEEE
stands for Waste Electronics and Electrical Equipment. It means that used electrical
and electronic products should not be mixed with general waste. Used electrical and
electronic equipment should be treated separately.

ZyWALL USG 1000 User’s Guide

Contents Overview

Contents Overview

User’s Guide ........................................................................................................ ...................31

Introducing the ZyWALL ............................................................................................................ 33

Features and Applications ......................................................................................................... 39

Web Configurator ............................................. ... ... ... .... ............................................. ... ... .......... 47

Installation Setup Wizard .................................... ............................................................. ..........65

Quick Setup ...............................................................................................................................75

Configuration Basics .............. ... ... .............................................. ... ... ... ... .... ... ... ... .... ................... 93

Tutorials ...................................................................................................................................117

L2TP VPN Example .................................................................................................................169

Technical Reference ............................................................................................................207

Dashboard .............................................................................................................................. 209

Monitor .................................................................................................................................... 223

Registration ............................................................................................................................. 265

Signature Update .....................................................................................................................271

Interfaces ..................................... ....................................................... ..................................... 277

Trunks ..................................................................................................................................... 337

Policy and Static Routes ..........................................................................................................347

Routing Protocols ....................................................................................................................363

Zones .................................. ................... ................... .................... ................... ........................ 377

DDNS ...................................................................................................................................... 381

NAT ................................. ............................. .............................. ............................. ................. 387

HTTP Redirect ........................................................................................................................397

ALG ......................................................................................................................................... 403

IP/MAC Binding .......................................................................................................................411

Authentication Policy ... ... .... ... ... ... .... ... ................................................ ... .................................. 417

Firewall .................................................................................................................................... 425

IPSec VPN ................... ... .............................................. ... ... ... .... ... ........................................... 443

SSL VPN ................................................................................................................................. 485

SSL User Screens ................................................................................................................... 499

SSL User Application Screens ................................................................................................ 509

SSL User File Sharing ..............................................................................................................511

ZyWALL SecuExtender ...................................................................... ... .................................. 519

L2TP VPN ................................................................................................................................ 523

Application Patrol .....................................................................................................................527

Anti-Virus ................................................................................................................................. 553

IDP .......................................................................................................................................... 569

ADP ........................................................................................................................................ 605

ZyWALL USG 1000 User’s Guide

9

Contents Overview

Content Filtering ..................................................................................................................... 627

Content Filter Reports ............................................................................................................. 651

Anti-Spam ................................................................................................................................ 659

Device HA ................................................................................................................................ 677

User/Group .............................................................................................................................. 699

Addresses ............................................................................................................................... 715

Services ................................. ....................................................... ........................................... 721

Schedules ................................. ................................................. .............................................. 727

AAA Server ............................................................................................................................. 733

Authentication Method ............................................................................... .............................. 743

Certificates ................................... ....................... ....................... ...................... ........................ 749

ISP Accounts ................................... ... ... ... ... .... ... ... ... .... ... ............................................. ........... 771

SSL Application ....................................................................................................................... 775

Endpoint Security .................................................................................................................... 783

System ................................................................................................................................... 793

Log and Report ......................................................................................................................845

File Manager ........................................................................................................................... 863

Diagnostics .............................................................................................................................875

Reboot ..................................................................................................................................... 885

Shutdown ......................................... ............................. ............................. .............................. 887

Troubleshooting ..................................................... .................................................................. 889

Product Specifications ............................................................................................................. 909

10

ZyWALL USG 1000 User’s Guide

Table of Contents

Table of Contents

About This User's Guide..........................................................................................................3

Document Conventions............................................................................................................6

Safety Warnings ........................................................................................................................8

Contents Overview ...................................................................................................................9

Table of Contents....................................................................................................................11

Part I: User’s Guide................................................................................ 31

Chapter 1

Introducing the ZyWALL ........................................................................................................33

1.1 Overview and Key Default Settings ..................................................................................... 33

1.2 Rack-mounted Installation ................................................................................................... 33

1.2.1 Rack-Mounted Installation Procedure ........................................................................ 34

1.3 Front Panel ................................... ... ... ... .... ... ... ... .............................................. ... ... .............35

1.3.1 Front Panel LEDs ...................................... .... ... ... ... .... ... ... ... ... .... ................................ 35

1.4 Management Overview .......... .... ... ... ................................................ .... ................................35

1.5 Starting and Stopping the ZyWALL ............................ ... ... .... ................................................ 37

Chapter 2

Features and Applications.....................................................................................................39

2.1 Features ............................................. ... .... ... ............................................. ... .... ... ... .............39

2.2 Applications . .... ... ... ... .............................................. ... ... ... .... ... ............................................. 41

2.2.1 VPN Connectivity ...... ... .... ... ... ... ............................................. .... ... ... ... .... ................... 42

2.2.2 SSL VPN Network Access ..... ... ... .............................................. ... ... ... .... ... ... ............. 42

2.2.3 User-Aware Access Control ....................................................................................... 44

2.2.4 Multiple WAN Interfaces ................... ... ... ... .... ... ... ............................................. ... .... ... 44

2.2.5 Device HA .............. ... ... .... ... ... ... ............................................. .... ... ... ... .... ................... 45

Chapter 3

Web Configurator....................................................................................................................47

3.1 Web Configurator Requirements ......................................................................................... 47

3.2 Web Configurator Access ....................................................................................................47

3.3 Web Configurator Screens Overview .................................................................................. 49

3.3.1 Title Bar .................................. ............................................. ... .... ................................ 50

ZyWALL USG 1000 User’s Guide

11

Table of Contents

3.3.2 Navigation Panel ....... ... .... ... ... ... ... .... ... ....................................................................... 51

3.3.3 Main Window .......................... ... ............................................. .... ... ... ... .... ... ................57

3.3.4 Tables and Lists ..................................................................... ....................................59

Chapter 4

Installation Setup Wizard.......................................................................................................65

4.1 Installation Setup Wizard Screens ...................................................................................... 65

4.1.1 Internet Access Setup - WAN Interface ..................................................................... 66

4.1.2 Internet Access: Ethernet .......................................................................................... 66

4.1.3 Internet Access: PPPoE ............................................................................................. 68

4.1.4 Internet Access: PPTP .............................................................................................. 69

4.1.5 ISP Parameters ................................... ... ... .... ... ............................................. ... ... .... ... 69

4.1.6 Internet Access Setup - Second WAN Interface ........................................................ 71

4.1.7 Internet Access - Finish .............................................................................................71

4.2 Device Registration ........................................................................................................... 72

Chapter 5

Quick Setup.............................................................................................................................75

5.1 Quick Setup Overview ........................... .... ... ... ... .............................................. ... ... ... ... ....... 75

5.2 WAN Interface Quick Setup .................................................................................................76

5.2.1 Choose an Ethernet Interface ................ ... .... ... ... ... .... ................................................ 76

5.2.2 Select WAN Type ................................................................... .... ... ... .......................... 76

5.2.3 Configure WAN Settings ............................................................................................ 77

5.2.4 WAN and ISP Connection Settings ............................................................................ 78

5.2.5 Quick Setup Interface Wizard: Summary ................................................................... 80

5.3 VPN Quick Setup .......... ... ... ... .... ............................................. ... ... ... .... ... ............................. 81

5.4 VPN Setup Wizard: Wizard Type ......................................................................................... 82

5.5 VPN Express Wizard - Scenario .........................................................................................83

5.5.1 VPN Express Wizard - Configuration ........................ ... ... .......................................... 84

5.5.2 VPN Express Wizard - Summary ....................... ... .... ... ............................................. 85

5.5.3 VPN Express Wizard - Finish .................................................................................... 86

5.5.4 VPN Advanced Wizard - Scenario ............................................................................87

5.5.5 VPN Advanced Wizard - Phase 1 Settings ............................................................... 88

5.5.6 VPN Advanced Wizard - Phase 2 .............................................................................90

5.5.7 VPN Advanced Wizard - Summary ........................................................................... 91

5.5.8 VPN Advanced Wizard - Finish ................................................................................. 92

Chapter 6

Configuration Basics..............................................................................................................93

12

6.1 Object-based Configuration .......................... ... ... .... ... ... ... .... ... ... ... ... .... ................................93

6.2 Zones, Interfaces, and Physical Ports ................................................................................. 94

6.2.1 Interface Types .................................................... ... .... ... ... ... ... .... ... ... .......................... 95

6.2.2 Default Interface and Zone Configuration .................................................................. 96

ZyWALL USG 1000 User’s Guide

Table of Contents

6.3 Terminology in the ZyWALL ................... .... ... ... ... .... ... ... ............................................. ... .... ... 97

6.4 Packet Flow .................................. ... ... ... .... ... ............................................. ... .... ... ... .............98

6.4.1 ZLD 2.20 Packet Flow Enhancements ....................................................................... 98

6.4.2 Routing Table Checking Flow Enhancements ............................................................ 99

6.4.3 NAT Table Checking Flow ...................... ... .... ... ... ... .... ... ... ... ..................................... 100

6.5 Feature Configuration Overview ....................................................................................... 101

6.5.1 Feature ...................................... ... .... ... ... ... .... ............................................. ... ... ... ..... 102

6.5.2 Licensing Registration ............................ ... .... ... ... ... .... ... ........................................... 102

6.5.3 Licensing Update ................................................... .... ... ... ... ... .... ... ... ... ..................... 102

6.5.4 Interface .............. ... ... ... .... ... ... ............................................. ... .... ... ... ... ..................... 103

6.5.5 Trunks ....... ... ... .... ... ... ... .... ............................................. ... ... ..................................... 103

6.5.6 Policy Routes ............ ... .... ... ... ... ............................................. .... ... ... ... .... ................. 103

6.5.7 Static Routes .................................... ... ... ............................................. .... ... ... ... ... .....104

6.5.8 Zones ........... ... .... ... ............................................. ... .... ... ........................................... 105

6.5.9 DDNS ............................................... ... ... ... .............................................. ... ... ...........105

6.5.10 NAT ........................................................................................................................ 105

6.5.11 HTTP Redirect ........................................................................................................ 106

6.5.12 ALG ........................................................................................................................ 107

6.5.13 Auth. Policy ............................................................................................................107

6.5.14 Firewall ................................................................................................................... 107

6.5.15 IPSec VPN ............................................................................................................. 108

6.5.16 SSL VPN ................................................................................................................ 108

6.5.17 L2TP VPN .............................................................................................................. 109

6.5.18 Application Patrol ...................................................................................................109

6.5.19 Anti-Virus .................................................................................................................110

6.5.20 IDP ..........................................................................................................................110

6.5.21 ADP .........................................................................................................................110

6.5.22 Content Filter ...........................................................................................................110

6.5.23 Anti-Spam ................................................................................................................111

6.5.24 Device HA ...............................................................................................................111

6.6 Objects ............................................ ... ... .... ............................................. ... ... .... ... ...............112

6.6.1 User/Group ....................... ... ... ............................................. ... .... ... ... ... ......................112

6.7 System ............. ............................................. ... ... .... ............................................. ...............113

6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM .... ... ... ... .... .. 113

6.7.2 Logs and Reports ......................................................................................................114

6.7.3 File Manager ................ .... ... ... ... ... .... ... ... ... .............................................. ... ... ... ... .... ..114

6.7.4 Diagnostics ................ ... .... ... ... ... ... .............................................. ... ... ... ......................114

6.7.5 Shutdown ............ ... ... ... .... ... ... ............................................. ... .... ... ... ... ......................114

Chapter 7

Tutorials................................................................................................................................117

7.1 How to Configure Interfaces, Port Grouping, and Zones . .... ... ............................................ 117

7.1.1 Configure a WAN Ethernet Interface ............................. ... ... ... .... ... ... ... .... ... ... ... ... .... ..118

ZyWALL USG 1000 User’s Guide

13

Table of Contents

7.1.2 Configure Zones ........................... .... ... ... ... .............................................. ... ... ... ... .... ..118

7.1.3 Configure Port Grouping ...........................................................................................119

7.2 How to Configure a Cellular Interface . ... .... ... ... ... .... ... ... ... .... .............................................. 120

7.3 How to Configure Load Balancing ..................................................................................... 122

7.3.1 Set Up Available Bandwidth on Ethernet Interfaces ................................................ 122

7.3.2 Configure the WAN Trunk ........................................................................................ 123

7.4 How to Set Up an IPSec VPN Tunnel ................................................................................ 125

7.4.1 Set Up the VPN Gateway ......................................................................................... 126

7.4.2 Set Up the VPN Connection ..................................................................................... 127

7.4.3 Configure Security Policies for the VPN Tunnel ...................................... ................. 128

7.5 How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator ................. 129

7.6 How to Configure User-aware Access Control .................................................................. 131

7.6.1 Set Up User Accounts .............................................................................................. 132

7.6.2 Set Up User Groups ................................................................................................. 132

7.6.3 Set Up User Authentication Using the RADIUS Server ............................. ... ... ... .....133

7.6.4 Web Surfing Policies With Bandwidth Restrictions .................................................. 135

7.6.5 Set Up MSN Policies ................................................................................................ 138

7.6.6 Set Up Firewall Rules ............................................................................................... 139

7.7 How to Use a RADIUS Server to Authenticate User Accounts based on Groups ............. 140

7.8 How to Use Endpoint Security and Authentication Policies ............................................... 142

7.8.1 Configure the Endpoint Security Objects .................................................................142

7.8.2 Configure the Authentication Policy ......................................................................... 144

7.9 How to Configure Service Control ..................................................................................... 145

7.9.1 Allow HTTPS Administrator Access Only From the LAN ......................................... 146

7.10 How to Allow Incoming H.323 Peer-to-peer Calls ......................... .................................. 148

7.10.1 Turn On the ALG .................................................................................................... 149

7.10.2 Set Up a NAT Policy For H.323 .............................................................................. 149

7.10.3 Set Up a Firewall Rule For H.323 ..................................................... .... ................. 151

7.11 How to Allow Public Access to a Web Server .................... ............................................. .152

7.11.1 Create the Address Objects ................................................................................... 153

7.11.2 Configure NAT ........................................................................................................ 153

7.11.3 Set Up a Firewall Rule ............................................................................................154

7.12 How to Use an IPPBX on the DMZ ................................ .... ... ... ... ... .... ... ........................... 155

7.12.1 Turn On the ALG .................................................................................................... 157

7.12.2 Create the Address Objects ...................................................................................157

7.12.3 Setup a NAT Policy for the IPPBX ......................................................................... 158

7.12.4 Set Up a WAN to DMZ Firewall Rule for SIP .........................................................159

7.12.5 Set Up a DMZ to LAN Firewall Rule for SIP ........................................................... 160

7.13 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic ............... 161

7.13.1 Create the Public IP Address Range Object ............ .............................................. 161

7.13.2 Configure the Policy Route .................................................................................... 162

7.14 How to Use Active-Passive Device HA ........................................................................... 162

7.14.1 Before You Start ..................................................................................................... 163

14

ZyWALL USG 1000 User’s Guide

Table of Contents

7.14.2 Configure Device HA on the Master ZyWALL ........................................................164

7.14.3 Configure the Backup ZyWALL .............................................................................. 165

7.14.4 Deploy the Backup ZyWALL .................................................................................. 166

7.14.5 Check Your Device HA Setup ................................................................................ 167

Chapter 8

L2TP VPN Example...............................................................................................................169

8.1 L2TP VPN Example ...........................................................................................................169

8.2 Configuring the Default L2TP VPN Gateway Example ...................................................... 169

8.3 Configuring the Default L2TP VPN Connection Example .................................................. 171

8.4 Configuring the L2TP VPN Settings Example ...................................................................172

8.5 Configuring L2TP VPN in Windows Vista, XP, or 2000 ..................................................... 173

8.5.1 Configuring L2TP in Windows Vista ......................................................................... 173

8.5.2 Configuring L2TP in Windows XP ............................................................................ 183

8.5.3 Configuring L2TP in Windows 2000 ......................................................................... 189

Part II: Technical Reference................................................................ 207

Chapter 9

Dashboard............................................................................................................................209

9.1 Overview ............. ............................................. ... .... ... ... ... .................................................. 209

9.1.1 What Yo u Can Do in this Chapter ............................................................................ 209

9.2 The Dashboard Screen ..................................................................................................... 209

9.2.1 The CPU Usage Screen ........................................................................................... 216

9.2.2 The Memory Usage Screen ............. ... ... ... .... ... ... ... .... ... ... ... ... .................................. 217

9.2.3 The Session Usage Screen .......................................................... ........................... 218

9.2.4 The VPN Status Screen ...... ... ............................................. ... .... ... ... ... .... ... .............. 219

9.2.5 The DHCP Table Screen ..........................................................................................219

9.2.6 The Number of Login Users Screen .............................. ... ... ..................................... 220

Chapter 10

Monitor..................................................................................................................................223

10.1 Overview .......................................................................................................................... 223

10.1.1 What You Can Do in this Chapter .......................................................................... 223

10.2 The Port Statistics Screen .............................................................................................. 224

10.2.1 The Port Statistics Graph Screen .......................................................................... 226

10.3 Interface Status Screen ...................................................................................................227

10.4 The Traffic Statistics Screen ............................................................................................ 230

10.5 The Session Monitor Screen .......................................................................................... 233

10.6 The DDNS Status Screen ................................................................................................235

10.7 IP/MAC Binding Monitor .................................................................................................. 236

ZyWALL USG 1000 User’s Guide

15

Table of Contents

10.8 The Login Users Screen ................................................................................... ... ... ... .... . 237

10.9 Cellular Status Screen ..................................................................................................... 238

10.10 USB Storage Screen .................................................................................................... 240

10.11 Application Patrol Statistics .......................... ... .... ... ... ... .... ... ... ... .....................................241

10.11.1 Application Patrol Statistics: General Setup .................... ... .... ... ... ... .... ... ... ... ........241

10.11.2 Application Patrol Statistics: Bandwidth Statistics ................................................ 242

10.11.3 Application Patrol Statistics: Protocol Statistics ................................................... 243

10.11.4 Application Patrol Statistics: Individual Protocol Statistics by Rule ...................... 244

10.12 The IPSec Monitor Screen ........................................................................................... 245

10.12.1 Regular Expressions in Searching IPSec SAs ..................................................... 247

10.13 The SSL Connection Monitor Screen ............................................................................ 248

10.14 L2TP over IPSec Session Monitor Screen .................................................................... 249

10.15 The Anti-Virus Statistics Screen .................................................................................... 250

10.16 The IDP Statistics Screen .............................................................................................. 252

10.17 The Content Filter Statistics Screen ..............................................................................254

10.18 Content Filter Cache Screen ......................................................................................... 255

10.19 The Anti-Spam Statistics Screen ................................................................................... 258

10.20 The Anti-Spam Status Screen ....................................................................................... 260

10.21 Log Screen .................................................................................................................... 261

Chapter 11

Registration...........................................................................................................................265

11.1 Overview .......................................................................................................................... 265

11.1.1 What You Can Do in this Chapter ......................... .... ... ... ... ... .... ... ... ........................ 265

11.1.2 What you Need to Know .........................................................................................265

11.2 The Registration Screen .................................................................................................. 267

11.3 The Service Screen ......................................................................................................... 269

Chapter 12

Signature Update..................................................................................................................271

12.1 Overview .......................................................................................................................... 271

12.1.1 What You Can Do in this Chapter .......................................................................... 271

12.1.2 What you Need to Know ........................................................................................ 271

12.2 The Antivirus Update Screen ........................................................................................... 272

12.3 The IDP/AppPatrol Update Screen .................................................................................. 273

12.4 The System Protect Update Screen ............................................................................... 275

Chapter 13

Interfaces...............................................................................................................................277

16

13.1 Interface Overview ........................................................................................................... 277

13.1.1 What You Can Do in this Chapter .......................................................................... 277

13.1.2 What You Need to Know ........................................................................................ 278

13.2 Port Grouping ................................................................................................................. 280

ZyWALL USG 1000 User’s Guide

Table of Contents

13.2.1 Port Grouping Overview .................... .......................................... ........................... 281

13.2.2 Port Grouping Screen ............................................................................................ 281

13.3 Ethernet Summary Screen .............................................................................................. 282

13.3.1 Ethernet Edit .........................................................................................................284

13.3.2 Object References ................................................................................................. 291

13.4 PPP Interfaces ................................................................................................................ 292

13.4.1 PPP Interface Summary ......................................................................................... 293

13.4.2 PPP Interface Add or Edit ..................................................................................... 295

13.5 Cellular Configuration Screen (3G) ................................................................................. 299

13.5.1 Cellular Add/Edit Screen ......................... ............................................................... 301

13.6 VLAN Interfaces ............................................................................................................. 308

13.6.1 VLAN Summary Screen ............. .... ... ..................................................................... 310

13.6.2 VLAN Add/Edit .......................................................................................................311

13.7 Bridge Interfaces ............................................................................................................ 318

13.7.1 Bridge Summary ....................................................................................................320

13.7.2 Bridge Add/Edit .....................................................................................................321

13.8 Auxiliary Interface ........................................................................................................... 327

13.8.1 Auxiliary Interface Overview ................................................................................... 327

13.8.2 Auxiliary .................................................................................................................. 327

13.9 Virtual Interfaces .............................................................................................................329

13.9.1 Virtual Interfaces Add/Edit ........................................... ................... ................... ..... 330

13.10 Interface Technical Reference ....................................................................................... 331

Chapter 14

Trunks...................................................................................................................................337

14.1 Overview .......................................................................................................................... 337

14.1.1 What You Can Do in this Chapter .......................................................................... 337

14.1.2 What You Need to Know ........................................................................................ 338

14.2 The Trunk Summary Screen ................................................. ... ... ... .... ... ... ... .... ... ... ... ... .....342

14.3 Configuring a Trunk ........................................................................................................ 343

14.4 Trunk Technical Reference ..............................................................................................345

Chapter 15

Policy and Static Routes......................................................................................................347

15.1 Policy and Static Routes Overview .................................................................................. 347

15.1.1 What You Can Do in this Chapter .......................................................................... 347

15.1.2 What You Need to Know ....................................................................................... 348

15.2 Policy Route Screen ........................................................................................................ 350

15.2.1 Policy Route Edit Screen ....................................................................................... 353

15.3 IP Static Route Screen ....................................................................................................357

15.3.1 Static Route Add/Edit Screen ................................................................................. 358

15.4 Policy Routing Technical Reference ................................................................................ 359

ZyWALL USG 1000 User’s Guide

17

Table of Contents

Chapter 16

Routing Protocols .................................................................................................................363

16.1 Routing Protocols Overview ............................................................................................ 363

16.1.1 What You Can Do in this Chapter .......................................................................... 363

16.1.2 What You Need to Know ........................................................................................ 363

16.2 The RIP Screen ... ... .... ... ... ... .... ................................................ ........................................ 364

16.3 The OSPF Screen ......... ... ... .... ... ... ... ... .... ... ................................................ .... .................365

16.3.1 Configuring the OSPF Screen .................................. ......... .......... .......... ......... ........ 369

16.3.2 OSPF Area Add/Edit Screen .................................................................................372

16.3.3 Virtual Link Add/Edit Screen ................................................................................. 373

16.4 Routing Protocol Technical Reference ............................................................................ 374

Chapter 17

Zones .....................................................................................................................................377

17.1 Zones Overview ............................................................................................................... 377

17.1.1 What You Can Do in this Chapter .......................................................................... 377

17.1.2 What You Need to Know ........................................................................................ 378

17.2 The Zone Screen .................................................................................. ... ........................ 379

17.3 Zone Edit ........................................................................................................................ 380

Chapter 18

DDNS......................................................................................................................................381

18.1 DDNS Overview .............................................................................................................. 381

18.1.1 What You Can Do in this Chapter .......................................................................... 381

18.1.2 What You Need to Know ........................................................................................ 381

18.2 The DDNS Screen ...........................................................................................................382

18.2.1 The Dynamic DNS Add/Edit Screen ...................................................................... 384

Chapter 19

NAT.........................................................................................................................................387

19.1 NAT Overview .................................................................................................................. 387

19.1.1 What You Can Do in this Chapter .......................................................................... 387

19.1.2 What You Need to Know ........................................................................................ 388

19.2 The NAT Screen ............................ ... ... .... ... ... ... .... ... ... ... .... .............................................. 388

19.2.1 The NAT Add/Edit Screen . ... ... ... .... ........................................................................ 390

19.3 NAT Technical Reference ................................................................................................ 393

Chapter 20

HTTP Redirect......................................................................................................................397

18

20.1 Overview .......................................................................................................................... 397

20.1.1 What You Can Do in this Chapter .......................................................................... 397

20.1.2 What You Need to Know ........................................................................................ 398

20.2 The HTTP Redirect Screen ............................................................................................. 399

ZyWALL USG 1000 User’s Guide

Table of Contents

20.2.1 The HTTP Redirect Edit Screen ............................................................................. 400

Chapter 21

ALG ........................................................................................................................................403

21.1 ALG Overview ................................................................................................................. 403

21.1.1 What You Can Do in this Chapter .......................................................................... 403

21.1.2 What You Need to Know ........................................................................................ 404

21.1.3 Before You Begin ................................................................................................... 407

21.2 The ALG Screen ..............................................................................................................407

21.3 ALG Technical Reference ................................................................................................ 409

Chapter 22

IP/MAC Binding....................................................................................................................411

22.1 IP/MAC Binding Overview ................................................................................................411

22.1.1 What You Can Do in this Chapter ...........................................................................411

22.1.2 What You Need to Know ........................................................................................ 412

22.2 IP/MAC Binding Summary ............................................................................................... 412

22.2.1 IP/MAC Binding Edit ............................................................................................... 413

22.2.2 Static DHCP Edit .................................................................................................... 414

22.3 IP/MAC Binding Exempt List ........................................................................................... 415

Chapter 23

Authentication Policy...........................................................................................................417

23.1 Overview .......................................................................................................................... 417

23.1.1 What You Can Do in this Chapter .......................................................................... 417

23.1.2 What You Need to Know ........................................................................................ 418

23.2 Authentication Policy Screen ........................................................................................... 418

23.2.1 Adding Exceptional Services .................................................................................. 420

23.2.2 Creating/Editing an Authentication Policy .............................................................. 421

Chapter 24

Firewall...................................................................................................................................425

24.1 Overview .......................................................................................................................... 425

24.1.1 What You Can Do in this Chapter .......................................................................... 425

24.1.2 What You Need to Know ........................................................................................ 426

24.1.3 Firewall Rule Example Applications ....................................................................... 428

24.1.4 Firewall Rule Configuration Example ..................................................................... 431

24.2 The Firewall Screen ................. ... ... ... ... ................................................. ... ........................ 433

24.2.1 Configuring the Firewall Screen ............................... .............................................. 434

24.2.2 The Firewall Add/Edit Screen ................................................................................. 437

24.3 The Session Limit Screen ................................................................................................ 438

24.3.1 The Session Limit Add/Edit Screen ........................................................................ 440

ZyWALL USG 1000 User’s Guide

19

Table of Contents

Chapter 25

IPSec VPN..............................................................................................................................443

25.1 IPSec VPN Overview .......................................................................................................443

25.1.1 What You Can Do in this Chapter .......................................................................... 443

25.1.2 What You Need to Know ........................................................................................ 444

25.1.3 Before You Begin ................................................................................................... 446

25.2 The VPN Connection Screen .......................................................................................... 446

25.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 448

25.2.2 The VPN Connection Add/Edit Manual Key Screen .............................................. 455

25.3 The VPN Gateway Screen .............................................................................................. 458

25.3.1 The VPN Gateway Add/Edit Screen ...................................................................... 459

25.4 VPN Concentrator ..........................................................................................................467

25.4.1 IPSec VPN Concentrator Example ........................................................................ 467

25.4.2 VPN Concentrator Screen ...................................................................................... 470

25.4.3 The VPN Concentrator Add/Edit Screen .............................. .... ... ... ... .... ... ... ........... 4 70

25.5 IPSec VPN Background Information ............................................................................... 471

Chapter 26

SSL VPN.................................................................................................................................485

26.1 Overview .......................................................................................................................... 485

26.1.1 What You Can Do in this Chapter .......................................................................... 485

26.1.2 What You Need to Know ........................................................................................ 485

26.2 The SSL Access Privilege Screen ................................................................................... 488

26.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 490

26.3 The SSL Global Setting Screen .................. ... ... .... ................................................ ... ... .... . 492

26.3.1 How to Upload a Custom Logo .............................................................................. 494

26.4 Establishing an SSL VPN Connection ............................................................................. 495

Chapter 27

SSL User Screens.................................................................................................................499

27.1 Overview .......................................................................................................................... 499

27.1.1 What You Need to Know ........................................................................................ 499

27.2 Remote User Login ..........................................................................................................500

27.3 The SSL VPN User Screens ................................................ ... ... ... .... ... ... ... .... ... ... ... ........505

27.4 Bookmarking the ZyWALL ............................................................................................... 506

27.5 Logging Out of the SSL VPN User Screens .................................................................... 506

Chapter 28

SSL User Application Screens ............................................................................................509

28.1 SSL User Application Screens Overview ........................................................................ 509

28.2 The Application Screen ...................................................................................................509

20

ZyWALL USG 1000 User’s Guide

Table of Contents

Chapter 29

SSL User File Sharing ..........................................................................................................511

29.1 Overview ...........................................................................................................................511

29.1.1 What You Need to Know .........................................................................................511

29.2 The Main File Sharing Screen ......................................................................................... 512

29.3 Opening a File or Folder ................................... ....................................................... ........512

29.3.1 Downloading a File ...................................... ......... ....... ......... .......... .......... ......... ..... 514

29.3.2 Saving a File ..........................................................................................................515

29.4 Creating a New Folder ......................... ....................... ....................... ...................... ........515

29.5 Renaming a File or Folder ............................................................................................... 516

29.6 Deleting a File or Folder ..................................................................................................516

29.7 Uploading a File ............................. ....................... ...................... ....................... .............. 517

Chapter 30

ZyWALL SecuExtender.........................................................................................................519

30.1 The ZyWALL SecuExtender Icon .................................................................................... 519

30.2 Statistics .......................................................................................................................... 520

30.3 View Log ..........................................................................................................................521

30.4 Suspend and Resume the Connection ....................... ..................................................... 521

30.5 Stop the Connection ........................................................................................................ 522

30.6 Uninstalling the ZyWALL SecuExtender .......................................................................... 522

Chapter 31

L2TP VPN...............................................................................................................................523

31.1 Overview .......................................................................................................................... 523

31.1.1 What You Can Do in this Chapter .......................................................................... 523

31.1.2 What You Need to Know ........................................................................................ 523

31.2 L2TP VPN Screen ......... ... ... .... ... ... ... ... .... ... ................................................ .... .................525

Chapter 32

Application Patrol.................................................................................................................527

32.1 Overview .......................................................................................................................... 527

32.1.1 What You Can Do in this Chapter .......................................................................... 527

32.1.2 What You Need to Know ....................................................................................... 528

32.1.3 Application Patrol Bandwidth Management Examples ........................................... 533

32.2 Application Patrol General Screen ..................................................................................537

32.3 Application Patrol Applications ........................................................................................ 538

32.3.1 The Application Patrol Edit Screen ........................................................................ 539

32.3.2 The Application Patrol Policy Edit Screen ............................................................. 543

32.4 The Other Applications Screen ........................................................................................ 546

32.4.1 The Other Applications Add/Edit Screen ................................................................ 549

ZyWALL USG 1000 User’s Guide

21

Table of Contents

Chapter 33

Anti-Virus...............................................................................................................................553

33.1 Overview .......................................................................................................................... 553

33.1.1 What You Can Do in this Chapter .......................................................................... 553

33.1.2 What You Need to Know ........................................................................................ 554

33.1.3 Before You Begin ................................................................................................... 556

33.2 Anti-Virus Summary Screen ....... ... ... ... .... ... ... ... .... ... ... ................................................ .... . 556

33.2.1 Anti-Virus Policy Add or Edit Screen ......................................................................559

33.3 Anti-Virus Black List .........................................................................................................561

33.4 Anti-Virus Black List or White List Add/Edit ..................................................................... 562

33.5 Anti-Virus White List ... ... ... ... ................................................. ... ........................................ 563

33.6 Signature Searching ........................................................................................................ 564

33.7 Anti-Virus Technical Reference ........................................................................................ 567

Chapter 34

IDP.........................................................................................................................................569

34.1 Overview .......................................................................................................................... 569

34.1.1 What You Can Do in this Chapter .......................................................................... 569

34.1.2 What You Need To Know ....................................................................................... 569

34.1.3 Before You Begin ................................................................................................... 570

34.2 The IDP General Screen .................................................................................................571

34.3 Introducing IDP Profiles ................................................................................................. 573

34.3.1 Base Profiles ..........................................................................................................574

34.4 The Profile Summary Screen .......................................................................................... 575

34.5 Creating New Profiles ...................................................................................................... 576

34.5.1 Procedure To Create a New Profile ........................................................................ 576

34.6 Profiles: Packet Inspection ............................................................................................. 577

34.6.1 Profile > Group View Screen .................................................................................. 577

34.6.2 Policy Types ........................................................................................................... 580

34.6.3 IDP Service Groups ...............................................................................................581

34.6.4 Profile > Query View Screen .................................................................................. 582

34.6.5 Query Example ...................................................................................................... 585

34.7 Introducing IDP Custom Signatures ............................................................................... 587

34.7.1 IP Packet Header ...................................................................................................587

34.8 Configuring Custom Signatures ..................... ....................... ...................... ..................... 588

34.8.1 Creating or Editing a Custom Signature ................................................................590

34.8.2 Custom Signature Example ........................................... ... ..................................... 596

34.8.3 Applying Custom Signatures .................................................................................. 598

34.8.4 Verifying Custom Signatures .................................................................................. 599

34.9 IDP Technical Reference ................................................................................................. 600

Chapter 35

ADP .......................................................................................................................................605

22

ZyWALL USG 1000 User’s Guide

Table of Contents

35.1 Overview .......................................................................................................................... 605

35.1.1 ADP and IDP Comparison ..................................................................................... 605

35.1.2 What You Can Do in this Chapter ......................................................................... 605

35.1.3 What You Need To Know ....................................................................................... 605

35.1.4 Before You Begin ................................................................................................... 606

35.2 The ADP General Screen ........................ ................................................... ..................... 607

35.3 The Profile Summary Screen .......................................................................................... 608

35.3.1 Base Profiles ..........................................................................................................609

35.3.2 Configuring The ADP Profile Summary Screen ..................................................... 609

35.3.3 Creating New ADP Profiles ............................ ........................................................ 610

35.3.4 Traffic Anomaly Profiles ........................................................................................ 610

35.3.5 Protocol Anomaly Profiles .......................................................................... ... ... .... . 613

35.3.6 Protocol Anomaly Configuration ............................................................................. 613

35.4 ADP Technical Reference ................................................................................................ 617

Chapter 36

Content Filtering..................................................................................................................627

36.1 Overview .......................................................................................................................... 627

36.1.1 What You Can Do in this Chapter .......................................................................... 627

36.1.2 What You Need to Know ........................................................................................ 627

36.1.3 Before You Begin ................................................................................................... 629

36.2 Content Filter General Screen .................... ....................................................... ..............629

36.3 Content Filter Policy Add or Edit Screen ......................................................................... 632

36.4 Content Filter Profile Screen ..........................................................................................634

36.5 Content Filter Categories Screen ................................................................................... 634

36.5.1 Content Filter Blocked and Warning Messages ..................................................... 646

36.6 Content Filter Customization Screen .............................................................................. 647

36.7 Content Filter Technical Reference ................................................................................. 649

Chapter 37

Content Filter Reports..........................................................................................................651

37.1 Overview .......................................................................................................................... 651

37.2 Viewing Content Filter Reports ............................................. ........................................... 651

Chapter 38

Anti-Spam..............................................................................................................................659

38.1 Overview .......................................................................................................................... 659

38.1.1 What You Can Do in this Chapter .......................................................................... 659

38.1.2 What You Need to Know ........................................................................................ 659

38.2 Before You Begin ............................................................................................................. 661

38.3 The Anti-Spam General Screen ....................................................................................... 661

38.3.1 The Anti-Spam Policy Add or Edit Screen ................................................ .............. 663

38.4 The Anti-Spam Black List Screen .................................................................................... 665

ZyWALL USG 1000 User’s Guide

23

Table of Contents

38.4.1 The Anti-Spam Black or White List Add/Edit Screen ...................................... ... .... . 667

38.4.2 Regular Expressions in Black or White List Entries ............................................... 668

38.5 The Anti-Spam White List Screen ....................................................................................669

38.6 The DNSBL Screen ......................................................................................................... 670

38.7 Anti-Spam Technical Reference ...................................................................................... 672

Chapter 39

Device HA..............................................................................................................................677

39.1 Overview .......................................................................................................................... 677

39.1.1 What You Can Do in this Chapter .......................................................................... 677

39.1.2 What You Need to Know ........................................................................................ 677

39.1.3 Before You Begin ................................................................................................... 678

39.2 Device HA General ..........................................................................................................679

39.3 The Active-Passive Mode Screen ................................................................................... 680

39.3.1 Configuring Active-Passive Mode Device HA ........................................................ 682

39.4 Configuring an Active-Passive Mode Monitored Interface ............................................... 685

39.5 The Legacy Mode Screen ............................................................................................... 687

39.6 Configuring the Legacy Mode Screen ............................................... ... ... ... .... ... .............. 688

39.7 Device HA Technical Reference ...................................................................................... 692

Chapter 40

User/Group............................................................................................................................699

40.1 Overview .......................................................................................................................... 699

40.1.1 What You Can Do in this Chapter .......................................................................... 699

40.1.2 What You Need To Know ....................................................................................... 699

40.2 User Summary Screen .................................................................................................... 702

40.2.1 User Add/Edit Screen ........................... .......... .......... ......... .......... .......... ......... ........ 702

40.3 User Group Summary Screen ......................................................................................... 705

40.3.1 Group Add/Edit Screen .......................................................................................... 706

40.4 Setting Screen ................................................................................................................ 707

40.4.1 Default User Authentication Timeout Settings Edit Screens .................................. 710

40.4.2 User Aware Login Example ............... ... ... .... ... ............................................. ... ... .... . 712

40.5 User /Group Technical Reference ................................................................................... 713

Chapter 41

Addresses.............................................................................................................................715

41.1 Overview .......................................................................................................................... 715

41.1.1 What You Can Do in this Chapter .......................................................................... 715

41.1.2 What You Need To Know ....................................................................................... 715

41.2 Address Summary Screen ....................... ........................................................................ 715

41.2.1 Address Add/Edit Screen ....................................................................................... 717

41.3 Address Group Summary Screen ............................... ....................... ......................... ..... 718

41.3.1 Address Group Add/Edit Screen ............................................................................ 719

24

ZyWALL USG 1000 User’s Guide

Table of Contents

Chapter 42

Services.................................................................................................................................721

42.1 Overview .......................................................................................................................... 721

42.1.1 What You Can Do in this Chapter .......................................................................... 721

42.1.2 What You Need to Know ........................................................................................ 721

42.2 The Service Summary Screen ....................... .......................... .......................... .............. 722

42.2.1 The Service Add/Edit Screen ............................ ..................................................... 724

42.3 The Service Group Summary Screen ........................ ... .... ... ... ... ... .... ... ... ... .... ................. 724

42.3.1 The Service Group Add/Edit Screen ...................................................................... 726

Chapter 43

Schedules..............................................................................................................................727

43.1 Overview .......................................................................................................................... 727

43.1.1 What You Can Do in this Chapter .......................................................................... 727

43.1.2 What You Need to Know ........................................................................................ 727

43.2 The Schedule Summary Screen ...................................................................................... 728

43.2.1 The One-Time Schedule Add/Edit Screen ............................................................. 729

43.2.2 The Recurring Schedule Add/Edit Screen ............................................... ... ... ... .... . 730

Chapter 44

AAA Server...........................................................................................................................733

44.1 Overview .......................................................................................................................... 733

44.1.1 Directory Service (AD/LDAP) ................................................................ ................. 733

44.1.2 RADIUS Server ...................................................................................................... 734

44.1.3 ASAS ......................................................................................................................734

44.1.4 What You Can Do in this Chapter .......................................................................... 734

44.1.5 What You Need To Know ....................................................................................... 735

44.2 Active Directory or LDAP Server Summary ..................................................................... 737

44.2.1 Adding an Active Directory or LDAP Server ............. ............ ............. ............. ........ 737

44.3 RADIUS Server Summary ............................................................................................... 739

44.3.1 Adding a RADIUS Server ...................................................................................... 741

Chapter 45

Authentication Method.........................................................................................................743

45.1 Overview .......................................................................................................................... 743

45.1.1 What You Can Do in this Chapter .......................................................................... 743

45.1.2 Before You Begin ................................................................................................... 743

45.1.3 Example: Selecting a VPN Authentication Method ................................................ 743

45.2 Authentication Method Objects ...................................... .................................... .............. 744

45.2.1 Creating an Authentication Method Object ........................................... ... ... ... ... .... . 745

Chapter 46

Certificates ............................................................................................................................749

ZyWALL USG 1000 User’s Guide

25

Table of Contents

46.1 Overview .......................................................................................................................... 749

46.1.1 What You Can Do in this Chapter .......................................................................... 749

46.1.2 What You Need to Know ........................................................................................ 749

46.1.3 Verifying a Certificate ............................................................................................. 751

46.2 The My Certificates Screen ............................................................................................. 753

46.2.1 The My Certificates Add Screen ............................................................................ 754

46.2.2 The My Certificates Edit Screen ........... ............................................. .... ... ... ... ... .....759

46.2.3 The My Certificates Import Screen ........................................................................ 762

46.3 The Trusted Certificates Screen ..................................................................................... 763

46.3.1 The Trusted Certificates Edit Screen .................................................................... 764

46.3.2 The Trusted Certificates Import Screen ................................................................768

46.4 Certificates Technical Reference .....................................................................................769

Chapter 47

ISP Accounts.........................................................................................................................771

47.1 Overview .......................................................................................................................... 771

47.1.1 What You Can Do in this Chapter .......................................................................... 771

47.2 ISP Account Summary .................................................................................................... 771

47.2.1 ISP Account Edit ................................................................................................... 772

Chapter 48

SSL Application ....................................................................................................................775

48.1 Overview .......................................................................................................................... 775

48.1.1 What You Can Do in this Chapter .......................................................................... 775

48.1.2 What You Need to Know ........................................................................................ 775

48.1.3 Example: Specifying a Web Site for Access .......................................................... 776

48.2 The SSL Application Screen .......................... ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... ... ... ... ... .... . 777

48.2.1 Creating/Editing a Web-based SSL Application Object ......................................... 778

48.2.2 Creating/Editing a File Sharing SSL Application Object ........................... ............. . 780

Chapter 49

Endpoint Security.................................................................................................................783

49.1 Overview .......................................................................................................................... 783

49.1.1 What You Can Do in this Chapter .......................................................................... 784

49.1.2 What You Need to Know ........................................................................................ 784

49.2 Endpoint Security Screen .... .... ... ... ... ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... ... .............. 785

49.3 Endpoint Security Add/Edit .............................................................................................. 787

Chapter 50

System.................................................................................................................................793

26

50.1 Overview .......................................................................................................................... 793

50.1.1 What You Can Do in this Chapter .......................................................................... 793

50.2 Host Name ....................................................................................................................... 794

ZyWALL USG 1000 User’s Guide

Table of Contents

50.3 USB Storage .................................................................................................................... 795

50.4 Date and Time ................................................................................................................ 796

50.4.1 Pre-defined NTP Time Servers List ............................................. ... ... .... ... ... ... ... .... . 798

50.4.2 Time Server Synchronization ................................................................................. 799

50.5 Console Port Speed ......................................................................................................... 800

50.6 DNS Overview .................................................................................................................800

50.6.1 DNS Server Address Assignment ..........................................................................801

50.6.2 Configuring the DNS Screen ................................ .......................................... ........ 8 01

50.6.3 Address Record .................................................................................................... 804

50.6.4 PTR Record ........................................................................................................... 804

50.6.5 Adding an Address/PTR Record ............................................................................804

50.6.6 Domain Zone Forwarder ........ ... .... ... ... ............................................. .... ... ... ........... 805

50.6.7 Adding a Domain Zone Forwarder ................................. ........................................ 805

50.6.8 MX Record ............................................................................................................ 806

50.6.9 Adding a MX Record ..............................................................................................807

50.6.10 Adding a DNS Service Control Rule ................................................................... . 807

50.7 WWW Overview ..............................................................................................................808

50.7.1 Service Access Limitations .................................................................................... 809

50.7.2 System Timeout .....................................................................................................809

50.7.3 HTTPS ...................................................................................................................809

50.7.4 Configuring WWW Service Control ........................................................................ 810

50.7.5 Service Control Rules ............................................................................................ 814

50.7.6 Customizing the WWW Login Page ....................................................................... 814

50.7.7 HTTPS Example ....................................................................................................818

50.8 SSH ..............................................................................................................................825

50.8.1 How SSH Works ......................................................... ... ... ... .... ... ... ........................ 826

50.8.2 SSH Implementation on the ZyWALL ..................................................................... 827

50.8.3 Requirements for Using SSH .................................................................................827

50.8.4 Configuring SSH ....................................................................................................827

50.8.5 Secure Telnet Using SSH Examples ...................................................................... 829

50.9 Telnet .............................................................................................................................. 830

50.9.1 Configuring Telnet .................................................................................................. 831

50.10 FTP ...............................................................................................................................832

50.10.1 Configuring FTP ...................................................................................................832

50.11 SNMP .................................... ... ... ... ... .... ............................................. ... ... .... ... ... ...........834

50.11.1 Supported MIBs ............ ... ... ... ... .... ... ............................................. ... .... ... ... ... ... .... . 836

50.11.2 SNMP Traps ....................... ... ... .... ... ... ... .... ... ... ............................................. ... .... . 836

50.11.3 Configuring SNMP ........... ... ... ... .... ... ... ............................................. .... ... ... ... ... .... . 836

50.12 Dial-in Management ......................................................................................................838

50.12.1 Configuring Dial-in Mgmt ...................................................................................... 839

50.13 Vantage CNM ...............................................................................................................840

50.13.1 Configuring Vantage CNM ................................................................................... 841

50.14 Language Screen .........................................................................................................843

ZyWALL USG 1000 User’s Guide

27

Table of Contents

Chapter 51

Log and Report ...................................................................................................................845

51.1 Overview .......................................................................................................................... 845

51.1.1 What You Can Do In this Chapter .......................................................................... 845

51.2 Email Daily Report ..........................................................................................................845

51.3 Log Setting Screens ....................................................................................................... 847

51.3.1 Log Setting Summary ............................................................................................. 848

51.3.2 Edit System Log Settings ...................................................................................... 849

51.3.3 Edit Log on USB Storage Setting .. ... ... ... .... ... ... ... ............................................. .... . 854

51.3.4 Edit Remote Server Log Settings ..........................................................................856

51.3.5 Active Log Summary Screen ................................ ............. .......... ............. ............. . 858

Chapter 52

File Manager.........................................................................................................................863

52.1 Overview .......................................................................................................................... 863

52.1.1 What You Can Do in this Chapter .......................................................................... 863

52.1.2 What you Need to Know ........................................................................................ 863

52.2 The Configuration File Screen .............................. ...................................................... .....866

52.3 The Firmware Package Screen ...................................................................................... 870

52.4 The Shell Script Screen .......................... ....................................................... .................872

Chapter 53

Diagnostics...........................................................................................................................875

53.1 Overview .......................................................................................................................... 875

53.1.1 What You Can Do in this Chapter .......................................................................... 875

53.2 The Diagnostic Screen ....................................................................................................875

53.2.1 The Diagnostics Files Screen ................................................................................ 876

53.3 The Packet Capture Screen ............................................................................................ 877

53.3.1 The Packet Capture Files Screen .......................................................................... 880

53.3.2 Example of Viewing a Packet Capture File .......................... .... ... ... ........................ 881

53.4 Core Dump Screen ..........................................................................................................882

53.4.1 Core Dump Files Screen ......................... .......................................... ..................... 882

53.5 The System Log Screen .................................................................................................. 883

Chapter 54

Reboot....................................................................................................................................885

54.1 Overview .......................................................................................................................... 885

54.1.1 What You Need To Know ....................................................................................... 885

54.2 The Reboot Screen .........................................................................................................885

Chapter 55

Shutdown...............................................................................................................................887

28

55.1 Overview .......................................................................................................................... 887

ZyWALL USG 1000 User’s Guide

Table of Contents

55.1.1 What You Need To Know ....................................................................................... 887

55.2 The Shutdown Screen ..................................................................................................... 887

Chapter 56

Troubleshooting....................................................................................................................889

56.1 Resetting the ZyWALL .....................................................................................................906

56.2 Getting More Troubleshooting Help ................................................................................. 907

Chapter 57

Product Specifications.........................................................................................................909

57.1 3G PCMCIA Card Installation .................................. ........................................................ 915

Appendix A Log Descriptions...............................................................................................917

Appendix B Common Services.............................................................................................977

Appendix C Displaying Anti-Virus Alert Messages in Windows............................................981

Appendix D Importing Certificates........................................................................................987

Appendix E Open Software Announcements.....................................................................1013

Appendix F Legal Information ............................................................................................1071

Index.....................................................................................................................................1075

ZyWALL USG 1000 User’s Guide

29

Table of Contents

30

ZyWALL USG 1000 User’s Guide