ZyWALL USG 2000
Unified Security Gateway
Default Login Details
LAN Port P1
IP Address http://192.168.1.1
User Name admin
Password 1234
www.zyxel.com
Firmware Version 2.11
Edition 1, 2/2009
Copyright © 2009
ZyXEL Communications Corporation
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL
using the web configurator.
How To Use This Guide
• Read Chapter 1 on page 31 for an overview of features available on the
ZyWALL.
• Read Chapter 3 on page 47 for web browser requirements and an introduction
to the main components, icons and menus in the ZyWALL web configurator.
• Read Chapter 4 on page 59 if you’re using the wizards for first time setup and
you want more detailed information than what the real time online help
provides.
• It is highly recommended you read Chapter 5 on page 101 for detailed
information on essential terms used in the ZyWALL, what prerequisites are
needed to configure a feature and how to use that feature.
• It is highly recommended you read Chapter 6 on page 119 for ZyWALL
application examples.
• Subsequent chapters are arranged by menu item as defined in the web
configurator. Read each chapter carefully for detailed information on that menu
item.
• To find specific information in this guide, use the Contents Overview, the
Table of Contents, the Index, or search the PDF file. E-mail
techwriters@zyxel.com.tw if you cannot find the information you require.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to show you how to make the ZyWALL
hardware connections, rack mounting and access the web configurator wizards.
(See the wizard real time help for information on configuring each screen.) It
contains a connection diagram, default settings, handy checklists and
information on setting up your network and configuring for Internet access.
• CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI)
to configure the ZyWALL.
Note: It is recommended you use the web configurator to configure the ZyWALL.
• Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and
supplementary information.
• Support Disc
Refer to the included CD for support documents.
• ZyXEL Web Site
Please refer to www.zyxel.com for additional support documentation and
product certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions
for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team,
ZyXEL Communications Corp.,
6 Innovation Road II,
Science-Based Industrial Park,
Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
Customer Support
In the event of problems that cannot be solved by using this manual, you should
contact your vendor. If you cannot contact your vendor, then contact a ZyXEL
office for the region in which you bought the device. See
http://www.zyxel.com/web/contact_us.php for contact information. Please have the
following information ready when you contact an office.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Disclaimer
Graphics in this book may differ slightly from the product due to differences in
operating systems, operating system versions, or if you installed updated
firmware/software for your device. Every effort has been made to ensure that the
information in this manual is accurate.
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL USG 2000 may be referred to as the “ZyWALL”, the “device”, the
“system” or the “product” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example,
[ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the
[ENTER] key. “Select” or “choose” means for you to use one of the predefined
choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For
example, Maintenance > Log > Log Setting means you first click
Maintenance in the navigation panel, then the Log sub menu and finally the
Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value.
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may
denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other
words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon
is not an exact representation of your device.
[Figure: icons for ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch and Router]
Safety Warnings
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Caution: This unit has more than one power supply cord. Disconnect two power supply
cords before servicing to avoid electric shock. (has multiple power cords, e.g., chassis-based
Ethernet switch. Make sure you specify the correct number of power cords in both
the English and the French that follows)
• Attention: Cet appareil comporte plus d'un cordon d'alimentation. Afin de prévenir les
chocs électriques, debrancher les deux cordons d'alimentation avant de faire le
dépannage.
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right
supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug
to the power adaptor first before connecting it to a power outlet.
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power
source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN
INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Dispose them at the applicable collection point for the recycling of electrical and
electronic equipment. For detailed information about recycling of this product, please
contact your local city office, your household waste disposal service or the store where
you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
Your product is marked with this symbol, which is known as the WEEE mark. WEEE
stands for Waste Electronics and Electrical Equipment. It means that used electrical
and electronic products should not be mixed with general waste. Used electrical and
electronic equipment should be treated separately.
Contents Overview
Getting Started ... 29
  Introducing the ZyWALL ... 31
  Features and Applications ... 39
  Web Configurator ... 47
  Wizard Setup ... 59
  Configuration Basics ... 101
  Tutorials ... 119
  Status ... 149
  Registration ... 165
  Signature Update ... 171
Network ... 179
  Interface ... 181
  Trunks ... 239
  Policy and Static Routes ... 249
  Routing Protocols ... 263
  Zones ... 275
  DDNS ... 279
  Virtual Servers ... 287
  HTTP Redirect ... 301
  ALG ... 305
  IP/MAC Binding ... 313
Firewall ... 319
  Firewall ... 321
VPN ... 337
  IPSec VPN ... 339
  SSL VPN ... 379
  SSL User Screens ... 391
  SSL User Application Screens ... 399
  SSL User File Sharing ... 401
  L2TP VPN ... 409
  L2TP VPN Example ... 415
Application Patrol ... 443
  Application Patrol ... 445
Anti-X ... 471
  Anti-Virus ... 473
  IDP ... 489
  ADP ... 523
  Content Filtering ... 543
  Content Filter Reports ... 567
  Anti-Spam ... 575
Device HA ... 591
  Device HA ... 593
Objects ... 611
  User/Group ... 613
  Addresses ... 629
  Services ... 635
  Schedules ... 641
  AAA Server ... 647
  Authentication Method ... 659
  Certificates ... 663
  ISP Accounts ... 685
  SSL Application ... 689
System ... 695
  System ... 697
Maintenance, Troubleshooting, & Specifications ... 747
  File Manager ... 749
  Logs ... 761
  Reports ... 775
  Diagnostics ... 793
  Reboot ... 795
  Troubleshooting ... 797
  Product Specifications ... 803
Appendices and Index ... 809
Table of Contents
About This User's Guide ... 3
Document Conventions ... 5
Safety Warnings ... 7
Contents Overview ... 9
Table of Contents ... 11
Part I: Getting Started ... 29
Chapter 1
Introducing the ZyWALL ... 31
1.1 Overview and Key Default Settings ... 31
1.2 Front Panel ... 32
1.2.1 Dual Personality Interfaces ... 32
1.2.2 Front Panel LEDs ... 35
1.3 Management Overview ... 36
1.4 Starting and Stopping the ZyWALL ... 37
Chapter 2
Features and Applications ... 39
2.1 Features ... 39
2.2 Packet Flow ... 41
2.2.1 Interface to Interface (Through ZyWALL) ... 42
2.2.2 Interface to Interface (To/From ZyWALL) ... 42
2.2.3 Interface to Interface (From VPN Tunnel) ... 42
2.2.4 Interface to Interface (To VPN Tunnel) ... 42
2.3 Applications ... 43
2.3.1 VPN Connectivity ... 43
2.3.2 SSL VPN Network Access ... 43
2.3.3 User-Aware Access Control ... 45
2.3.4 Multiple WAN Interfaces ... 45
2.3.5 Device HA ... 46
Chapter 3
Web Configurator ... 47
3.1 Web Configurator Requirements ... 47
3.2 Web Configurator Access ... 47
3.3 Web Configurator Main Screen ... 49
3.3.1 Title Bar ... 50
3.3.2 Navigation Panel ... 50
3.3.3 Main Window ... 55
3.3.4 Message Bar ... 55
Chapter 4
Wizard Setup ... 59
4.1 Wizard Setup Overview ... 59
4.2 Installation Setup, One ISP ... 60
4.3 Step 1 Internet Access ... 62
4.3.1 Ethernet: Auto IP Address Assignment ... 62
4.3.2 Ethernet: Static IP Address Assignment ... 63
4.3.3 Step 2 Internet Access Ethernet ... 64
4.3.4 PPPoE: Auto IP Address Assignment ... 66
4.3.5 PPPoE: Static IP Address Assignment ... 68
4.3.6 Step 2 Internet Access PPPoE ... 69
4.3.7 PPTP: Auto IP Address Assignment ... 71
4.3.8 PPTP: Static IP Address Assignment ... 74
4.3.9 Step 2 Internet Access PPTP ... 75
4.3.10 Step 4 Internet Access - Finish ... 77
4.4 Device Registration ... 77
4.5 Installation Setup, Two Internet Service Providers ... 80
4.5.1 Internet Access Wizard Setup Complete ... 83
4.6 VPN Setup ... 84
4.7 VPN Wizards ... 85
4.7.1 VPN Express Wizard ... 85
4.8 VPN Express Wizard - Scenario ... 86
4.8.1 VPN Express Wizard - Policy Setting ... 88
4.8.2 VPN Express Wizard - Summary ... 89
4.8.3 VPN Express Wizard - Finish ... 90
4.8.4 VPN Advanced Wizard ... 91
4.8.5 VPN Advanced Wizard - Advanced Settings ... 94
4.8.6 VPN Advanced Wizard - Phase 2 ... 96
4.8.7 VPN Advanced Wizard - Summary ... 98
4.8.8 VPN Advanced Wizard - Finish ... 99
Chapter 5
Configuration Basics ... 101
5.1 Object-based Configuration ... 101
5.2 Zones, Interfaces, and Physical Ports ... 102
5.2.1 Interface Types ... 102
5.2.2 Default Interface and Zone Configuration ... 103
5.3 Terminology in the ZyWALL ... 104
5.4 Feature Configuration Overview ... 105
5.4.1 Feature ... 105
5.4.2 Interface ... 106
5.4.3 Trunks ... 106
5.4.4 IPSec VPN ... 107
5.4.5 SSL VPN ... 107
5.4.6 L2TP VPN ... 107
5.4.7 Zones ... 108
5.4.8 Device HA ... 108
5.4.9 DDNS ... 108
5.4.10 Policy Routes ... 108
5.4.11 Static Routes ... 110
5.4.12 Firewall ... 110
5.4.13 Application Patrol ... 111
5.4.14 Anti-Virus ... 111
5.4.15 IDP ... 112
5.4.16 ADP ... 112
5.4.17 Content Filter ... 112
5.4.18 Anti-Spam ... 113
5.4.19 Virtual Server (Port Forwarding) ... 113
5.4.20 HTTP Redirect ... 114
5.4.21 ALG ... 115
5.5 Objects ... 115
5.5.1 User/Group ... 116
5.6 System Management and Maintenance ... 116
5.6.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM ... 116
5.6.2 File Manager ... 117
5.6.3 Licensing Registration ... 117
5.6.4 Licensing Update ... 118
5.6.5 Logs and Reports ... 118
5.6.6 Diagnostics ... 118
Chapter 6
Tutorials ... 119
6.1 How to Configure Interfaces, Port Grouping, and Zones ... 119
6.1.1 Configure a WAN Ethernet Interface ... 120
6.1.2 Configure Zones ... 120
6.1.3 Configure Port Grouping ... 121
6.2 How to Configure Load Balancing ... 122
6.2.1 Set Up Available Bandwidth on Ethernet Interfaces ... 123
6.2.2 Configure the WAN Trunk ........................................................................................ 123
6.3 How to Set Up an IPSec VPN Tunnel ................................................................................ 124
6.3.1 Set Up the VPN Gateway ......................................................................................... 125
6.3.2 Set Up the VPN Connection ..................................................................................... 125
6.3.3 Set Up the Policy Route for the VPN Tunnel ............................................................ 126
6.3.4 Configure Security Policies for the VPN Tunnel ........................................ 128
6.4 How to Configure User-aware Access Control .................................................................. 128
6.4.1 Set Up User Accounts .............................................................................................. 128
6.4.2 Set Up User Groups ................................................................................................. 129
6.4.3 Set Up User Authentication Using the RADIUS Server ........................................ 129
6.4.4 Set Up Web Surfing Policies With Bandwidth Restrictions ...................................... 131
6.4.5 Set Up MSN Policies ................................................................................................ 133
6.4.6 Set Up Firewall Rules ............................................................................................... 134
6.5 How to Configure Service Control ..................................................................................... 135
6.5.1 Allow HTTPS Administrator Access Only From the LAN ......................................... 135
6.6 How to Allow Incoming H.323 Peer-to-peer Calls ........................................ 138
6.6.1 Turn On the ALG ........................................ 139
6.6.2 Set Up a Virtual Server Policy For H.323 .................................................................139
6.6.3 Set Up a Firewall Rule For H.323 ............................................................................ 140
6.7 How to Use Active-Passive Device HA ............................................................................. 141
6.7.1 Before You Start ........................................ 142
6.7.2 Configure Device HA on the Master ZyWALL ........................................ 143
6.7.3 Configure the Backup ZyWALL ................................................................................ 144
6.7.4 Deploy the Backup ZyWALL .................................................................................... 145
6.7.5 Check Your Device HA Setup .................................................................................. 146
6.8 How to Allow Public Access to a Server ............................................................................146
6.8.1 Create the Address Objects ........................................ 146
6.8.2 Configure a Virtual Server ........................................................................................ 147
Chapter 7
Status.....................................................................................................................................149
7.1 Overview ........................................ 149
7.1.1 What You Can Do in the Status Screens ..................................................................149
7.2 The Status Screen ............................................................................................................. 150
7.2.1 The CPU Usage Screen ........................................................................................... 155
7.2.2 The Memory Usage Screen ........................................ 156
7.2.3 The Session Usage Screen ........................................ 157
7.2.4 The VPN Status Screen ........................................ 158
7.2.5 The DHCP Table Screen ..........................................................................................159
7.2.6 The Port Statistics Screen ........................................ 160
7.2.7 The Port Statistics Graph Screen ........................................ 161
7.2.8 The Current Users Screen ........................................ 162
7.2.9 The SEM Status Detail Screen ................................................................................. 162
Chapter 8
Registration...........................................................................................................................165
8.1 Overview ........................................ 165
8.1.1 What You Can Do in the Registration Screens ........................................................ 165
8.1.2 What you Need to Know About Service Registration ........................................ 165
8.2 The Registration Screen ....................................................................................................167
8.3 The Service Screen ........................................ 169
Chapter 9
Signature Update..................................................................................................................171
9.1 Overview ........................................ 171
9.1.1 What You Can Do in the Update Screens ........................................ 171
9.1.2 What you Need to Know About Signature Updates ........................................ 171
9.2 The Antivirus Update Screen .............................................................................................172
9.3 The IDP/AppPatrol Update Screen ........................................ 173
9.4 The System Protect Update Screen ........................................ 175
Part II: Network..................................................................................... 179
Chapter 10
Interface.................................................................................................................................181
10.1 Interface Overview ........................................................................................................... 181
10.1.1 What You Can Do in the Interface Screens ........................................ 181
10.1.2 What You Need to Know About Interfaces .............................................................182
10.2 Interface Status Screen ...................................................................................................185
10.3 Port Grouping ................................................................................................................. 188
10.3.1 Port Grouping Overview ........................................ 188
10.3.2 Port Grouping Screen ............................................................................................ 189
10.4 Ethernet Summary Screen .............................................................................................. 190
10.4.1 Ethernet Edit .........................................................................................................191
10.5 The Static DHCP Screen ................................................................................................. 198
10.6 The PPP Interfaces ........................................................................................................ 198
10.6.1 PPPoE/PPTP Overview ......................................................................................... 199
10.6.2 PPPoE/PPTP Interfaces Overview ........................................................................ 199
10.6.3 PPP Interface Summary ......................................................................................... 200
10.6.4 PPP Interface Add/Edit ......................................................................................... 202
10.7 Cellular Configuration Screen (3G) ................................................................................. 205
10.7.1 Cellular Add/Edit Screen ........................................ 208
10.8 Cellular Status Screen ..................................................................................................... 212
10.9 VLAN Interfaces ............................................................................................................. 214
10.9.1 VLAN Overview ...................................................................................................... 214
10.9.2 VLAN Interfaces Overview ........................................ 216
10.9.3 VLAN Summary Screen ........................................ 216
10.9.4 VLAN Add/Edit ...................................................................................................... 217
10.10 Bridge Interfaces .......................................................................................................... 222
10.10.1 Bridge Overview ................................................................................................... 222
10.10.2 Bridge Interface Overview ....................................................................................223
10.10.3 Bridge Summary .................................................................................................. 224
10.10.4 Bridge Add/Edit ........................................ 225
10.11 Auxiliary Interface ........................................ 230
10.11.1 Auxiliary Interface Overview ........................................ 230
10.11.2 Auxiliary ........................................ 231
10.12 Virtual Interfaces ...........................................................................................................233
10.12.1 Virtual Interfaces Add/Edit .................................................................................... 233
10.13 Interface Technical Reference ....................................................................................... 235
Chapter 11
Trunks....................................................................................................................................239
11.1 Overview .......................................................................................................................... 239
11.1.1 What You Can Do in the Trunk Screens ........................................ 239
11.1.2 What You Need to Know About Trunks .................................................................. 240
11.2 The Trunk Summary Screen ............................................................................................243
11.3 Configuring a Trunk ........................................................................................................245
11.4 Trunk Technical Reference .............................................................................................. 246
Chapter 12
Policy and Static Routes......................................................................................................249
12.1 Policy and Static Routes Overview .................................................................................. 249
12.1.1 What You Can Do in the Policy and Static Route Screens .....................................250
12.1.2 What You Need to Know About Policy and Static Routing .....................................250
12.2 Policy Route Screen ........................................................................................................ 251
12.2.1 Policy Route Edit Screen ....................................................................................... 253
12.3 IP Static Route Screen ....................................................................................................257
12.3.1 Static Route Add/Edit Screen ................................................................................. 258
12.4 Policy Routing Technical Reference ................................................................................ 259
Chapter 13
Routing Protocols .................................................................................................................263
13.1 Routing Protocols Overview ............................................................................................ 263
13.1.1 What You Can Do in the RIP and OSPF Screens ........................................ 263
13.1.2 What You Need to Know About Routing Protocols ................................................ 263
13.2 The RIP Screen ........................................ 264
13.3 The OSPF Screen ........................................ 265
13.3.1 Configuring the OSPF Screen ........................................ 269
13.3.2 OSPF Area Add/Edit Screen .................................................................................271
13.4 Routing Protocol Technical Reference ............................................................................ 273
Chapter 14
Zones .....................................................................................................................................275
14.1 Zones Overview ...............................................................................................................275
14.1.1 What You Can Do in the Zones Screens ................................................................ 275
14.1.2 What You Need to Know About Zones ................................................................... 276
14.2 The Zone Screen ........................................ 277
14.3 Zone Add/Edit ................................................................................................................. 278
Chapter 15
DDNS......................................................................................................................................279
15.1 DDNS Overview .............................................................................................................. 279
15.1.1 What You Can Do in the DDNS Screens ............................................................... 279
15.1.2 What You Need to Know About DDNS ................................................................... 279
15.2 The DDNS Screen ...........................................................................................................280
15.2.1 The Dynamic DNS Add/Edit Screen ...................................................................... 282
15.3 The DDNS Status Screen ................................................................................................285
Chapter 16
Virtual Servers.......................................................................................................................287
16.1 Virtual Servers Overview ................................................................................................. 287
16.1.1 What You Can Do in the Virtual Server Screens ....................................................287
16.1.2 What You Need to Know About Virtual Servers ..................................................... 287
16.2 The Virtual Server Screen ............................................................................................... 288
16.2.1 The Virtual Server Add/Edit Screen ....................................................................... 289
16.3 NAT 1:1 and NAT Loopback Examples ........................................................................... 292
Chapter 17
HTTP Redirect......................................................................................................................301
17.1 Overview .......................................................................................................................... 301
17.1.1 What You Can Do in the HTTP Redirect Screens .................................................. 301
17.1.2 What You Need to Know About HTTP Redirect ........................................ 302
17.2 The HTTP Redirect Screen ............................................................................................. 303
17.2.1 The HTTP Redirect Edit Screen ............................................................................. 304
Chapter 18
ALG ........................................................................................................................................305
18.1 ALG Overview ................................................................................................................. 305
18.1.1 What You Can Do in the ALG Screen ....................................................................305
18.1.2 What You Need to Know About ALG ..................................................................... 306
18.1.3 Before You Begin ...................................................................................................308
18.2 The ALG Screen .............................................................................................................. 308
18.3 ALG Technical Reference ................................................................................................ 310
Chapter 19
IP/MAC Binding.....................................................................................................................313
19.1 IP/MAC Binding Overview ............................................................................................... 313
19.1.1 What You Can Do in the IP/MAC Binding Screens ........................................ 313
19.1.2 What You Need to Know About IP/MAC Binding ................................................... 314
19.2 IP/MAC Binding Summary ............................................................................................... 314
19.2.1 IP/MAC Binding Edit ............................................................................................... 315
19.2.2 Static DHCP Edit .................................................................................................... 316
19.3 IP/MAC Binding Exempt List ........................................................................................... 317
19.4 IP/MAC Binding Monitor .................................................................................................. 317
Part III: Firewall .................................................................................... 319
Chapter 20
Firewall...................................................................................................................................321
20.1 Overview .......................................................................................................................... 321
20.1.1 What You Can Do in the Firewall Screens ............................................................. 321
20.1.2 What You Need to Know About the Firewall ..........................................................322
20.1.3 Firewall Rule Example Applications ....................................................................... 324
20.1.4 Firewall Rule Configuration Example ..................................................................... 326
20.2 The Firewall Screen ........................................ 328
20.2.1 Configuring the Firewall Screen ........................................ 329
20.2.2 The Firewall Edit Screen ........................................ 333
20.3 The Session Limit Screen ................................................................................................334
20.3.1 The Session Limit Edit Screen ............................................................................... 336
Part IV: VPN.......................................................................................... 337
Chapter 21
IPSec VPN..............................................................................................................................339
21.1 IPSec VPN Overview .......................................................................................................339
21.1.1 What You Can Do in the IPSec VPN Screens ........................................................ 340
21.1.2 What You Need to Know About IPSec VPN ........................................................... 340
21.1.3 Before You Begin ...................................................................................................341
21.2 The VPN Connection Screen .......................................................................................... 341
21.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 343
21.2.2 The VPN Connection Add/Edit Manual Key Screen .............................................. 350
21.3 The VPN Gateway Screen .............................................................................................. 354
21.3.1 The VPN Gateway Add/Edit Screen ...................................................................... 355
21.4 The VPN Concentrator Screen ........................................................................................ 363
21.4.1 The VPN Concentrator Add/Edit Screen ........................................ 364
21.5 The SA Monitor Screen ..................................................................................................366
21.6 IPSec VPN Background Information ............................................................................... 367
Chapter 22
SSL VPN.................................................................................................................................379
22.1 Overview .......................................................................................................................... 379
22.1.1 What You Can Do in the SSL VPN Screens ..........................................................379
22.1.2 What You Need to Know About SSL VPN .............................................................. 379
22.2 The SSL Access Privilege Screen ................................................................................... 381
22.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 383
22.3 The SSL VPN Connection Monitor Screen ...................................................................... 385
22.4 The SSL Global Setting Screen ........................................ 386
22.4.1 How to Upload a Custom Logo .............................................................................. 387
22.5 Establishing an SSL VPN Connection ............................................................................. 388
Chapter 23
SSL User Screens.................................................................................................................391
23.1 Overview .......................................................................................................................... 391
23.1.1 What You Need to Know About the SSL User Screens ......................................... 391
23.2 Remote User Login ..........................................................................................................392
23.3 The SSL VPN User Screens ........................................ 395
23.4 Bookmarking the ZyWALL ............................................................................................... 396
23.5 Logging Out of the SSL VPN User Screens ....................................................................396
Chapter 24
SSL User Application Screens ............................................................................................399
24.1 SSL User Application Screens Overview ........................................................................ 399
24.2 The Application Screen ...................................................................................................399
Chapter 25
SSL User File Sharing ..........................................................................................................401
25.1 Overview .......................................................................................................................... 401
25.1.1 What You Need to Know About the SSL VPN File Sharing ................................... 401
25.2 The Main File Sharing Screen ......................................................................................... 402
25.3 Opening a File or Folder ........................................ 402
25.3.1 Downloading a File ........................................ 404
25.3.2 Saving a File ..........................................................................................................405
25.4 Creating a New Folder ........................................ 405
25.5 Renaming a File or Folder ............................................................................................... 406
25.6 Deleting a File or Folder ..................................................................................................406
25.7 Uploading a File ........................................ 407
Chapter 26
L2TP VPN...............................................................................................................................409
26.1 Overview .......................................................................................................................... 409
26.1.1 What You Can Do in the L2TP VPN Screens ......................................................... 409
26.1.2 What You Need to Know About L2TP VPN ........................................ 409
26.2 L2TP VPN Screen ........................................ 411
26.3 L2TP VPN Session Monitor Screen ................................................................................ 412
Chapter 27
L2TP VPN Example...............................................................................................................415
27.1 L2TP VPN Example ........................................ 415
27.2 Configuring the Default L2TP VPN Gateway Example .................................................... 416
27.3 Configuring the Default L2TP VPN Connection Example ................................................417
27.4 Configuring the L2TP VPN Settings Example .................................................................418
27.5 Configuring the Policy Route for L2TP Example ............................................................. 419
27.6 Configuring L2TP VPN in Windows XP and 2000 ........................................................... 420
27.6.1 Configuring L2TP in Windows XP .......................................................................... 420
27.6.2 Configuring L2TP in Windows 2000 ....................................................................... 426
Part V: Application Patrol.................................................................... 443
Chapter 28
Application Patrol.................................................................................................................445
28.1 Overview .......................................................................................................................... 445
28.1.1 What You Can Do in the Application Patrol Screens .............................................. 445
28.1.2 What You Need to Know About Application Patrol ................................................ 446
28.1.3 Application Patrol Bandwidth Management Examples ........................................... 450
28.2 Application Patrol General Screen ..................................................................................454
28.3 Application Patrol Applications ........................................................................................ 455
28.3.1 The Application Patrol Edit Screen ........................................................................ 456
28.3.2 The Application Patrol Policy Edit Screen ............................................................. 459
28.4 The Other Applications Screen ........................................................................................ 462
28.4.1 The Other Applications Add/Edit Screen ................................................................ 464
28.5 Application Patrol Statistics .............................................................................................466
28.5.1 Application Patrol Statistics: General Setup ........................................ 467
28.5.2 Application Patrol Statistics: Bandwidth Statistics ........................................ 468
28.5.3 Application Patrol Statistics: Protocol Statistics ..................................................... 469
Part VI: Anti-X....................................................................................... 471
Chapter 29
Anti-Virus...............................................................................................................................473
29.1 Overview .......................................................................................................................... 473
29.1.1 What You Can Do in the Anti-Virus Screens ..........................................................473
29.1.2 What You Need to Know About Anti-Virus ............................................................. 474
29.1.3 Before You Begin ...................................................................................................476
29.2 Anti-Virus Summary Screen ........................................ 476
29.2.1 Anti-Virus Policy Add or Edit Screen ......................................................................479
29.3 Anti-Virus Black List .........................................................................................................481
29.4 Anti-Virus Black List or White List Add/Edit ..................................................................... 482
29.5 Anti-Virus White List ........................................................................................................ 484
29.6 Signature Searching ........................................................................................................ 485
29.7 Anti-Virus Technical Reference ........................................................................................ 487
Chapter 30
IDP.........................................................................................................................................489
30.1 Overview .......................................................................................................................... 489
30.1.1 What You Can Do Using the IDP Screens ............................................................ 489
30.1.2 What You Need To Know About IDP ...................................................................... 489
30.1.3 Before You Begin ...................................................................................................490
30.2 The IDP General Screen ................................................................................................. 491
30.2.1 Configuring IDP Policies ........................................................................................ 493
30.3 Introducing IDP Profiles ................................................................................................. 494
30.3.1 Base Profiles ..........................................................................................................494
30.4 The Profile Summary Screen .......................................................................................... 495
30.5 Creating New Profiles ...................................................................................................... 496
30.5.1 Procedure To Create a New Profile ........................................................................ 496
30.6 Profiles: Packet Inspection ............................................................................................. 498
30.6.1 Policy Types ........................................................................................................... 501
30.6.2 IDP Service Groups ...............................................................................................502
30.6.3 Profile > Query View Screen .................................................................................. 504
30.6.4 Query Example ...................................................................................................... 505
30.7 Introducing IDP Custom Signatures ............................................................................... 506
30.7.1 IP Packet Header ...................................................................................................507
30.8 Configuring Custom Signatures ...................................................................................... 508
30.8.1 Creating or Editing a Custom Signature ................................................................ 510
30.8.2 Custom Signature Example ................................................................................... 516
30.8.3 Applying Custom Signatures ..................................................................................519
30.8.4 Verifying Custom Signatures .................................................................................. 519
30.9 IDP Technical Reference ................................................................................................. 520
Chapter 31
ADP .......................................................................................................................................523
31.1 Overview .......................................................................................................................... 523
31.1.1 ADP and IDP Comparison ..................................................................................... 523
31.1.2 What You Can Do Using the ADP Screens ...........................................................523
31.1.3 What You Need To Know About ADP ..................................................................... 523
31.1.4 Before You Begin ...................................................................................................524
31.2 The ADP General Screen ................................................................................................ 525
31.2.1 Configuring ADP Policies ....................................................................................... 526
31.3 The Profile Summary Screen .......................................................................................... 527
31.3.1 Base Profiles ..........................................................................................................528
31.3.2 Configuring The ADP Profile Summary Screen .....................................................528
31.3.3 Creating New ADP Profiles .................................................................................... 529
31.3.4 Traffic Anomaly Profiles ........................................................................................ 529
31.3.5 Protocol Anomaly Profiles ..................................................................................... 532
31.3.6 Protocol Anomaly Configuration ............................................................................. 532
31.4 Technical Reference ........................................................................................................534
Chapter 32
Content Filtering..................................................................................................................543
32.1 Overview .......................................................................................................................... 543
32.1.1 What You Can Do in the Content Filter Screens ................................................... 543
32.1.2 What You Need to Know About Content Filtering .................................................. 543
32.1.3 Before You Begin ...................................................................................................545
32.2 Content Filter General Screen ........................................................................................ 546
32.3 Content Filter Policy Add or Edit Screen ......................................................................... 549
32.4 Content Filter Profile Screen ..........................................................................................550
32.5 Content Filter Categories Screen ................................................................................... 550
32.6 Content Filter Customization Screen .............................................................................. 561
32.7 Content Filter Cache Screen ........................................................................................... 563
32.8 Content Filter Technical Reference ................................................................................. 566
Chapter 33
Content Filter Reports..........................................................................................................567
33.1 Overview .......................................................................................................................... 567
33.2 Viewing Content Filter Reports ....................................................................................... 567
Chapter 34
Anti-Spam..............................................................................................................................575
34.1 Overview .......................................................................................................................... 575
34.1.1 What You Can Do in the Anti-Spam Screens ........................................................ 575
34.1.2 What You Need to Know About Anti-Spam ............................................................575
34.2 Before You Begin ............................................................................................................. 578
34.3 The Anti-Spam General Screen ....................................................................................... 578
34.3.1 The Anti-Spam Policy Add or Edit Screen ............................................................. 579
34.4 The Anti-Spam Black List Screen .................................................................................... 581
34.4.1 The Anti-Spam Black or White List Add/Edit Screen .............................................. 583
34.4.2 Regular Expressions in Black or White List Entries ............................................... 584
34.5 The Anti-Spam White List Screen ....................................................................................585
34.6 The DNSBL Screen ......................................................................................................... 586
34.6.1 The DNSBL Add/Edit Screen ................................................................................. 588
34.7 The Anti-Spam Status Screen .........................................................................................589
Part VII: Device HA............................................................................... 591
Chapter 35
Device HA.............................................................................................................................593
35.1 Overview .......................................................................................................................... 593
35.1.1 What You Can Do in the Device HA Screens ......................................................... 593
35.1.2 What You Need to Know About Device HA ............................................................ 593
35.1.3 Before You Begin ...................................................................................................594
35.2 Device HA General ..........................................................................................................595
35.3 The Active-Passive Mode Screen ................................................................................... 596
35.3.1 Configuring Active-Passive Mode Device HA ........................................................598
35.4 Configuring an Active-Passive Mode Monitored Interface ............................................... 601
35.5 The Legacy Mode Screen ............................................................................................... 602
35.6 Configuring the Legacy Mode Screen ............................................................................. 603
35.7 The Legacy Mode Add/Edit Screen ................................................................................. 605
35.8 Device HA Technical Reference ...................................................................................... 608
Part VIII: Objects...................................................................................611
Chapter 36
User/Group............................................................................................................................613
36.1 Overview .......................................................................................................................... 613
36.1.1 What You Can Do Using The User/Group Screens ............................................... 613
36.1.2 What You Need To Know About User/Groups ....................................................... 613
36.2 User Summary Screen .................................................................................................... 616
36.2.1 User Add/Edit Screen ............................................................................................ 616
36.3 User Group Summary Screen ......................................................................................... 619
36.3.1 Group Add/Edit Screen .......................................................................................... 620
36.4 Setting Screen ................................................................................................................ 620
36.4.1 Force User Authentication Policy Add/Edit Screen ................................................624
36.4.2 User Aware Login Example ................................................................................... 625
36.5 User/Group Technical Reference .................................................................................... 626
Chapter 37
Addresses.............................................................................................................................629
37.1 Overview .......................................................................................................................... 629
37.1.1 What You Can Do Using The Addresses Screens ................................................. 629
37.1.2 What You Need To Know About Addresses/Groups .............................................. 629
37.2 Address Summary Screen ............................................................................................... 629
37.2.1 Address Add/Edit Screen ....................................................................................... 631
37.3 Address Group Summary Screen .................................................................................... 632
37.3.1 Address Group Add/Edit Screen ............................................................................ 633
Chapter 38
Services.................................................................................................................................635
38.1 Overview .......................................................................................................................... 635
38.1.1 What You Can Do in the Services Screens ........................................................... 635
38.1.2 What You Need to Know About Protocols .............................................................. 635
38.2 The Service Summary Screen ......................................................................................... 636
38.2.1 The Service Add/Edit Screen ................................................................................. 638
38.3 The Service Group Summary Screen .............................................................................. 638
38.3.1 The Service Group Add/Edit Screen ...................................................................... 640
Chapter 39
Schedules..............................................................................................................................641
39.1 Overview .......................................................................................................................... 641
39.1.1 What You Can Do in the Schedule Screens ........................................................... 641
39.1.2 What You Need to Know About Schedules ............................................................ 641
39.2 The Schedule Summary Screen ...................................................................................... 642
39.2.1 The One-Time Schedule Add/Edit Screen ............................................................. 643
39.2.2 The Recurring Schedule Add/Edit Screen ............................................................. 644
Chapter 40
AAA Server...........................................................................................................................647
40.1 Overview .......................................................................................................................... 647
40.1.1 Directory Service (AD/LDAP) Overview ................................................................. 647
40.1.2 RADIUS Server Overview ......................................................................................648
40.1.3 ASAS ...................................................................................................................... 648
40.1.4 What You Can Do Using The AAA Screens ...........................................................648
40.1.5 What You Need To Know About AAA Servers .......................................................649
40.2 Active Directory or LDAP Default Server Screen ............................................................ 649
40.2.1 Configuring Active Directory or LDAP Default Server Settings ............................. 651
40.3 Active Directory or LDAP Group Summary Screen ......................................................... 652
40.3.1 Creating an Active Directory or LDAP Group ......................................................... 653
40.4 Configuring a Default RADIUS Server ............................................................................. 654
40.5 Configuring a Group of RADIUS Servers ....................................................................... 655
40.5.1 Adding a RADIUS Server Member ......................................................................... 656
Chapter 41
Authentication Method.........................................................................................................659
41.1 Overview .......................................................................................................................... 659
41.1.1 What You Can Do Using The Auth. Method Screens ............................................. 659
41.1.2 Before You Begin ...................................................................................................659
41.1.3 Example: Selecting a VPN Authentication Method ................................................ 659
41.2 Viewing Authentication Method Objects ..........................................................................660
41.3 Creating an Authentication Method Object ...................................................................... 661
Chapter 42
Certificates ............................................................................................................................663
42.1 Overview .......................................................................................................................... 663
42.1.1 What You Can Do in the Certificate Screens .........................................................663
42.1.2 What You Need to Know About Certificates ........................................................... 663
42.1.3 Verifying a Certificate .............................................................................................665
42.2 The My Certificates Screen ............................................................................................. 667
42.2.1 The My Certificates Add Screen ............................................................................ 668
42.2.2 The My Certificates Edit Screen ............................................................................ 673
42.2.3 The My Certificates Import Screen ........................................................................ 676
42.3 The Trusted Certificates Screen ..................................................................................... 677
42.3.1 The Trusted Certificates Edit Screen .................................................................... 678
42.3.2 The Trusted Certificates Import Screen ................................................................682
42.4 Certificates Technical Reference ..................................................................................... 683
42.4.1 OCSP .....................................................................................................................683
Chapter 43
ISP Accounts.........................................................................................................................685
43.1 Overview .......................................................................................................................... 685
43.1.1 What You Can Do in the ISP Account Screens ...................................................... 685
43.2 ISP Account Summary .................................................................................................... 685
43.2.1 ISP Account Edit ................................................................................................... 686
Chapter 44
SSL Application ....................................................................................................................689
44.1 Overview .......................................................................................................................... 689
44.1.1 What You Can Do in the SSL Application Screens ............................................... 689
44.1.2 What You Need to Know About SSL Application Objects ...................................... 689
44.1.3 Example: Specifying a Web Site for Access .......................................................... 690
44.2 The SSL Application Screen ............................................................................................ 691
44.2.1 Creating/Editing a Web-based SSL Application Object ......................................... 691
44.2.2 Creating/Editing a File Sharing SSL Application Object ........................................ 693
Part IX: System..................................................................................... 695
Chapter 45
System.................................................................................................................................697
45.1 Overview .......................................................................................................................... 697
45.1.1 What You Can Do In The System Screens ............................................................ 697
45.2 Host Name ....................................................................................................................... 698
45.3 Date and Time ................................................................................................................ 698
45.3.1 Pre-defined NTP Time Servers List ....................................................................... 701
45.3.2 Time Server Synchronization ................................................................................. 702
45.4 Console Port Speed ......................................................................................................... 703
45.5 DNS Overview ................................................................................................................. 703
45.5.1 DNS Server Address Assignment .......................................................................... 703
45.5.2 Configuring the DNS Screen .................................................................................. 704
45.5.3 Address Record .................................................................................................... 706
45.5.4 PTR Record ........................................................................................................... 707
45.5.5 Adding an Address/PTR Record ............................................................................ 707
45.5.6 Domain Zone Forwarder ....................................................................................... 707
45.5.7 Adding a Domain Zone Forwarder ......................................................................... 708
45.5.8 MX Record ............................................................................................................709
45.5.9 Adding a MX Record ..............................................................................................709
45.5.10 Adding a DNS Service Control Rule .................................................................... 709
45.6 WWW Overview ..............................................................................................................710
45.6.1 Service Access Limitations .....................................................................................711
45.6.2 System Timeout ......................................................................................................711
45.6.3 HTTPS ....................................................................................................................711
45.6.4 Configuring WWW .................................................................................................. 712
45.6.5 Service Control Rules ............................................................................................ 716
45.6.6 Customizing the WWW Login Page ....................................................................... 716
45.6.7 HTTPS Example ....................................................................................................720
45.7 SSH .............................................................................................................................. 728
45.7.1 How SSH Works ..................................................................................................... 729
45.7.2 SSH Implementation on the ZyWALL ..................................................................... 730
45.7.3 Requirements for Using SSH ................................................................................. 730
45.7.4 Configuring SSH ....................................................................................................730
45.7.5 Secure Telnet Using SSH Examples ...................................................................... 732
45.8 Telnet .............................................................................................................................. 734
45.8.1 Configuring Telnet .................................................................................................. 734
45.9 FTP ................................................................................................................................. 735
45.9.1 Configuring FTP .....................................................................................................736
45.10 SNMP ........................................................................................................................... 737
45.10.1 Supported MIBs ................................................................................................... 739
45.10.2 SNMP Traps ......................................................................................................... 739
45.10.3 Configuring SNMP ............................................................................................... 739
45.11 Dial-in Management ...................................................................................................... 741
45.11.1 Configuring Dial-in Mgmt ..................................................................................... 742
45.12 Vantage CNM ...............................................................................................................743
45.12.1 Configuring Vantage CNM ................................................................................... 743
45.13 Language Screen .........................................................................................................744
Part X: Maintenance, Troubleshooting, & Specifications................. 747
Chapter 46
File Manager.........................................................................................................................749
46.1 Overview .......................................................................................................................... 749
46.1.1 What You Can Do in the File Manager Screens ..................................................... 749
46.1.2 What you Need to Know About the File Manager .................................................. 749
46.2 The Configuration File Screen ......................................................................................... 752
46.3 The Firmware Package Screen ...................................................................................... 756
46.4 The Shell Script Screen ................................................................................................... 758
Chapter 47
Logs ......................................................................................................................................761
47.1 Overview .......................................................................................................................... 761
47.2 What You Can Do In The Log Screens ............................................................................ 761
47.3 View Log Screen .............................................................................................................. 761
47.4 Log Setting Screens ....................................................................................................... 764
47.4.1 Log Setting Summary ............................................................................................. 765
47.4.2 Edit System Log Settings ......................................................................................766
47.4.3 Edit Remote Server Log Settings .......................................................................... 770
47.4.4 Active Log Summary Screen ................................................................................. 771
Chapter 48
Reports .................................................................................................................................775
48.1 Overview .......................................................................................................................... 775
48.1.1 What You Can Do in the Report Screens .............................................................. 775
48.2 The Traffic Statistics Screen ............................................................................................ 775
48.3 The Session Monitor Screen .......................................................................................... 778
48.4 The Anti-Virus Report Screen .......................................................................................... 781
48.5 The IDP Report Screen ................................................................................................... 783
48.6 The Content Filter Report Screen ................................................................................... 785
48.7 The Anti-Spam Report Screen ......................................................................................... 787
48.8 The Email Daily Report Screen ....................................................................................... 790
Chapter 49
Diagnostics...........................................................................................................................793
49.1 The Diagnostics Screen .................................................................................................. 793
Chapter 50
Reboot....................................................................................................................................795
50.1 Overview .......................................................................................................................... 795
50.1.1 What You Need To Know About Reboot ................................................................ 795
50.2 The Reboot Screen .........................................................................................................795
Chapter 51
Troubleshooting....................................................................................................................797
51.1 Resetting the ZyWALL .....................................................................................................799
51.2 Changing a Power Module ............ ... ... .... ... ... ................................................. ... ... ........... 800
51.3 Getting More Troubleshooting Help ................................................................................. 802
Chapter 52
Product Specifications.........................................................................................................803
Part XI: Appendices and Index ........................................................... 809
Appendix A Log Descriptions...............................................................................................811
Appendix B Common Services.............................................................................................871
Appendix C Displaying Anti-Virus Alert Messages in Windows............................................875
Appendix D Importing Certificates........................................................................................881
Appendix E Open Software Announcements.......................................................................887
Appendix F Legal Information ..............................................................................................933
Index.......................................................................................................................................937
PART I
Getting Started
Introducing the ZyWALL (31)
Features and Applications (39)
Web Configurator (47)
Configuration Basics (101)
Tutorials (119)
Status (149)
Registration (165)
Signature Update (171)