Loading...
User’s Guide
ZyWALL USG FLEX
Series
Default Login Details
Version 4.60 Edition 1, 10/2020
LAN Port IP Address |
https://192.168.1.1 |
|
|
|
|
|
|
|
|||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|||||||||||
User Name |
|
|
admin |
|
|
|
|
|
|
||||||||||||
|
|
|
|
|
|
|
|
|
|||||||||||||
Password |
1234 |
|
|
|
|
|
|
|
|||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Copyright © 2020 Zyxel Communications Corporation
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in product features or web configurator brand style. Every effort has been made to ensure that the information in this manual is accurate.
Note: The version number on the cover page refers to the Zyxel Device’s latest firmware version to which this User’s Guide applies.
Related Documentation
•Quick Start Guide
The Quick Start Guide shows how to connect the Zyxel Device and access the Web Configurator wizards. (See the wizard real time help for information on configuring each screen.) It also contains a connection diagram and package contents list.
•CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the Zyxel Device.
Note: It is recommended you use the Web Configurator to configure the Zyxel Device.
•Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and supplementary information.
•More Information
Go to support.zyxel.com to find other information on Zyxel Device.
ZyWALL USG FLEX Series User’s Guide
2
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
•All models in this series may be referred to as the “Zyxel Device” in this guide.
•Product labels, screen names, field labels and field choices are all in bold font.
•A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Configuration > Network > Interface > Ethernet means you first click Configuration in the navigation panel, then Network, then the Interface sub menu and finally the Ethernet tab to get to that screen.
Icons Used in Figures
Figures in this user guide may use the following generic icons. The Zyxel Device icon is not an exact representation of your device.
Zyxel Device |
Generic Router |
Wireless Router / Access Point |
|
|
|
Switch |
Firewall |
Server |
|
|
|
Internet |
Network Cloud |
Smartphone |
|
|
|
USB Dongle |
|
|
|
|
|
ZyWALL USG FLEX Series User’s Guide
3
|
Contents Overview |
|
Contents Overview |
Introduction ........................................................................................................................................... |
27 |
Initial Setup Wizard ............................................................................................................................... |
51 |
Hardware, Interfaces and Zones ........................................................................................................ |
70 |
Quick Setup Wizards ............................................................................................................................. |
79 |
Dashboard .......................................................................................................................................... |
113 |
Monitor ................................................................................................................................................. |
124 |
Licensing .............................................................................................................................................. |
196 |
Wireless ................................................................................................................................................. |
202 |
Interfaces ............................................................................................................................................. |
228 |
Routing ................................................................................................................................................. |
325 |
DDNS ................................................................................................................................................... |
352 |
NAT ....................................................................................................................................................... |
358 |
Redirect Service .................................................................................................................................. |
375 |
ALG ....................................................................................................................................................... |
381 |
UPnP ..................................................................................................................................................... |
388 |
IP/MAC Binding ................................................................................................................................... |
403 |
Layer 2 Isolation .................................................................................................................................. |
408 |
DNS Inbound LB .................................................................................................................................. |
412 |
IPSec VPN ............................................................................................................................................ |
418 |
SSL VPN ................................................................................................................................................ |
454 |
L2TP VPN .............................................................................................................................................. |
460 |
BWM (Bandwidth Management) .................................................................................................. |
465 |
Web Authentication .......................................................................................................................... |
481 |
Hotspot ................................................................................................................................................ |
513 |
Printer Manager .................................................................................................................................. |
531 |
Free Time ............................................................................................................................................. |
543 |
IPnP ....................................................................................................................................................... |
548 |
Walled Garden ................................................................................................................................... |
551 |
Advertisement Screen ....................................................................................................................... |
557 |
Security Policy ..................................................................................................................................... |
560 |
Application Patrol ............................................................................................................................... |
586 |
Content Filter ....................................................................................................................................... |
595 |
Anti-Malware ....................................................................................................................................... |
620 |
Reputation Filter .................................................................................................................................. |
640 |
IDP ........................................................................................................................................................ |
651 |
Email Security ...................................................................................................................................... |
675 |
SSL Inspection ...................................................................................................................................... |
693 |
IP Exception ......................................................................................................................................... |
707 |
Object .................................................................................................................................................. |
710 |
ZyWALL USG FLEX Series User’s Guide |
|
4
|
Contents Overview |
Device HA ........................................................................................................................................... |
826 |
Cloud CNM ........................................................................................................................................ |
833 |
System .................................................................................................................................................. |
841 |
Log and Report ................................................................................................................................... |
902 |
File Manager ....................................................................................................................................... |
915 |
Diagnostics ......................................................................................................................................... |
931 |
Packet Flow Explore ........................................................................................................................... |
952 |
Shutdown ............................................................................................................................................. |
959 |
Troubleshooting .................................................................................................................................. |
963 |
ZyWALL USG FLEX Series User’s Guide
5
Table of Contents |
|
Table of Contents |
|
Document Conventions ...................................................................................................................... |
3 |
Contents Overview ............................................................................................................................. |
4 |
Table of Contents ................................................................................................................................. |
6 |
Part I: User’s Guide.......................................................................................... |
26 |
Chapter 1 |
|
Introduction ........................................................................................................................................ |
27 |
1.1 Overview ......................................................................................................................................... |
27 |
1.1.1 Model Feature Differences .................................................................................................. |
27 |
1.2 Registration at myZyxel .................................................................................................................. |
28 |
1.2.1 Grace Period ......................................................................................................................... |
29 |
1.2.2 Applications ........................................................................................................................... |
29 |
1.3 Management Overview ................................................................................................................ |
32 |
1.4 Web Configurator ........................................................................................................................... |
33 |
1.4.1 Web Configurator Access .................................................................................................... |
33 |
1.4.2 Web Configurator Screens Overview ................................................................................. |
36 |
1.4.3 Navigation Panel .................................................................................................................. |
40 |
1.4.4 Tables and Lists ...................................................................................................................... |
48 |
Chapter 2 |
|
Initial Setup Wizard............................................................................................................................. |
51 |
2.1 Initial Setup Wizard Screens .......................................................................................................... |
51 |
2.1.1 Internet Access Setup - WAN Interface ............................................................................. |
51 |
2.1.2 Internet Access: Ethernet .................................................................................................... |
52 |
2.1.3 Internet Access: PPPoE ......................................................................................................... |
53 |
2.1.4 Internet Access: PPTP ........................................................................................................... |
55 |
2.1.5 Internet Access: L2TP ............................................................................................................ |
57 |
2.1.6 Internet Access Setup - Second WAN Interface ............................................................... |
59 |
2.1.7 Internet Access: Congratulations ....................................................................................... |
60 |
2.1.8 Date and Time Settings ........................................................................................................ |
61 |
2.1.9 Register Device ..................................................................................................................... |
61 |
2.1.10 Activate Service .................................................................................................................. |
63 |
2.1.11 Service Settings .................................................................................................................... |
64 |
2.1.12 Service Settings: SecuReporter .......................................................................................... |
65 |
2.1.13 Wireless Settings: Management Mode ............................................................................. |
66 |
ZyWALL USG FLEX Series User’s Guide |
|
6
Table of Contents |
|
2.1.14 Wireless Settings: AP Controller ......................................................................................... |
67 |
2.1.15 Wireless Settings: SSID & Security ...................................................................................... |
67 |
2.1.16 Remote Management ...................................................................................................... |
68 |
Chapter 3 |
|
Hardware, Interfaces and Zones ...................................................................................................... |
70 |
3.1 Hardware Overview ....................................................................................................................... |
70 |
3.1.1 Front Panels ............................................................................................................................ |
70 |
3.1.2 Rear Panels ............................................................................................................................ |
72 |
3.2 Installation Scenarios ..................................................................................................................... |
74 |
3.2.1 Desktop Installation Procedure ........................................................................................... |
74 |
3.2.2 Rack-mounting ...................................................................................................................... |
75 |
3.2.3 Wall-mounting ....................................................................................................................... |
76 |
3.3 Default Zones, Interfaces, and Ports ............................................................................................ |
77 |
3.4 Stopping the Zyxel Device ............................................................................................................ |
78 |
Chapter 4 |
|
Quick Setup Wizards.......................................................................................................................... |
79 |
4.1 Quick Setup Overview ................................................................................................................... |
79 |
4.2 WAN Interface Quick Setup .......................................................................................................... |
80 |
4.2.1 Choose an Ethernet Interface ............................................................................................. |
80 |
4.2.2 Select WAN Type ................................................................................................................... |
81 |
4.2.3 Configure WAN IP Settings ................................................................................................... |
81 |
4.2.4 ISP and WAN and ISP Connection Settings ........................................................................ |
82 |
4.2.5 Quick Setup Interface Wizard: Summary ........................................................................... |
85 |
4.3 VPN Setup Wizard ........................................................................................................................... |
86 |
4.3.1 Welcome ................................................................................................................................ |
86 |
4.3.2 VPN Setup Wizard: Wizard Type .......................................................................................... |
87 |
4.3.3 VPN Express Wizard - Scenario ............................................................................................ |
88 |
4.3.4 VPN Express Wizard - Configuration ................................................................................... |
89 |
4.3.5 VPN Express Wizard - Summary ........................................................................................... |
89 |
4.3.6 VPN Express Wizard - Finish .................................................................................................. |
90 |
4.3.7 VPN Advanced Wizard - Scenario ..................................................................................... |
91 |
4.3.8 VPN Advanced Wizard - Phase 1 Settings ........................................................................ |
92 |
4.3.9 VPN Advanced Wizard - Phase 2 ....................................................................................... |
94 |
4.3.10 VPN Advanced Wizard - Summary .................................................................................. |
95 |
4.3.11 VPN Advanced Wizard - Finish ......................................................................................... |
97 |
4.4 VPN Settings for Configuration Provisioning Wizard: Wizard Type ............................................. |
98 |
4.4.1 Configuration Provisioning Express Wizard - VPN Settings ............................................... |
98 |
4.4.2 Configuration Provisioning VPN Express Wizard - Configuration .................................... |
99 |
4.4.3 VPN Settings for Configuration Provisioning Express Wizard - Summary ...................... |
100 |
4.4.4 VPN Settings for Configuration Provisioning Express Wizard - Finish .............................. |
101 |
4.4.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario ................. |
102 |
ZyWALL USG FLEX Series User’s Guide |
|
7
|
Table of Contents |
|
|
4.4.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings |
.... 103 |
|
4.4.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 .................. |
104 |
|
4.4.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary ................ |
105 |
|
4.4.9 VPN Settings for Configuration Provisioning Advanced Wizard - Finish ....................... |
108 |
4.5 |
VPN Settings for L2TP VPN Settings Wizard ................................................................................. |
108 |
|
4.5.1 L2TP VPN Settings ................................................................................................................ |
109 |
|
4.5.2 L2TP VPN Settings ................................................................................................................ |
110 |
|
4.5.3 VPN Settings for L2TP VPN Setting Wizard - Summary .................................................... |
110 |
|
4.5.4 VPN Settings for L2TP VPN Setting Wizard - Completed ................................................ |
112 |
Chapter 5 |
|
|
Dashboard........................................................................................................................................ |
113 |
|
5.1 |
Overview ....................................................................................................................................... |
113 |
|
5.1.1 What You Can Do in this Chapter ..................................................................................... |
113 |
5.2 |
The General Screen ..................................................................................................................... |
113 |
|
5.2.1 Device Information Screen ................................................................................................ |
115 |
|
5.2.2 System Status Screen .......................................................................................................... |
116 |
|
5.2.3 Tx/Rx Statistics ...................................................................................................................... |
116 |
|
5.2.4 The Latest Logs Screen ....................................................................................................... |
117 |
|
5.2.5 System Resources Screen ................................................................................................... |
117 |
|
5.2.6 DHCP Table Screen ............................................................................................................. |
118 |
|
5.2.7 Number of Login Users Screen ........................................................................................... |
119 |
|
5.2.8 Current Login User ............................................................................................................... |
120 |
|
5.2.9 VPN Status ............................................................................................................................ |
120 |
|
5.2.10 SSL VPN Status .................................................................................................................... |
121 |
5.3 |
The Advanced Threat Protection Screen .................................................................................. |
121 |
Part II: Technical Reference......................................................................... |
123 |
|
Chapter 6 |
|
|
Monitor.............................................................................................................................................. |
|
124 |
6.1 |
Overview ....................................................................................................................................... |
124 |
|
6.1.1 What You Can Do in this Chapter ..................................................................................... |
124 |
6.2 |
The Port Statistics Screen ............................................................................................................ |
126 |
|
6.2.1 The Port Statistics Graph Screen ....................................................................................... |
127 |
6.3 |
Interface Status Screen ................................................................................................................ |
128 |
6.4 |
The Traffic Statistics Screen .......................................................................................................... |
132 |
6.5 |
The Session Monitor Screen ........................................................................................................ |
135 |
6.6 |
The Login Users Screen ................................................................................................................ |
137 |
6.7 Dynamic Guest ............................................................................................................................ |
138 |
|
6.8 |
IGMP Statistics ............................................................................................................................... |
139 |
|
ZyWALL USG FLEX Series User’s Guide |
|
8
|
Table of Contents |
|
6.9 The DDNS Status Screen ............................................................................................................... |
140 |
|
6.10 |
IP/MAC Binding ........................................................................................................................... |
141 |
6.11 |
Cellular Status Screen ................................................................................................................ |
142 |
6.11.1 More Information .............................................................................................................. |
144 |
|
6.12 |
The UPnP Port Status Screen ..................................................................................................... |
145 |
6.13 |
USB Storage Screen .................................................................................................................... |
146 |
6.14 |
Ethernet Neighbor Screen ........................................................................................................ |
147 |
6.15 FQDN Object Screen ................................................................................................................ |
148 |
|
6.16 |
Virtual Server Load Balancing .................................................................................................. |
150 |
6.17 |
AP Information: AP List ............................................................................................................... |
151 |
6.17.1 AP List: More Information ................................................................................................ |
155 |
|
6.17.2 AP List: Edit AP ................................................................................................................... |
158 |
|
6.18 |
AP Information: Radio List .......................................................................................................... |
161 |
6.18.1 Radio List: More Information ............................................................................................ |
163 |
|
6.19 |
AP Information: Top N APs ........................................................................................................ |
165 |
6.20 |
AP Information: Single AP .......................................................................................................... |
166 |
6.21 |
ZyMesh ......................................................................................................................................... |
167 |
6.22 |
SSID Info ....................................................................................................................................... |
168 |
6.23 |
Station Info: Station List .............................................................................................................. |
169 |
6.24 |
Station Info: Top N Stations ........................................................................................................ |
170 |
6.25 |
Station Info: Single Station ......................................................................................................... |
171 |
6.26 Detected Device ....................................................................................................................... |
172 |
|
6.27 |
The Printer Status Screen ........................................................................................................... |
173 |
6.28 |
The IPSec Screen ........................................................................................................................ |
174 |
6.29 |
The SSL Screen ............................................................................................................................. |
175 |
6.30 |
The L2TP over IPSec Screen ....................................................................................................... |
176 |
6.31 |
The App Patrol Screen ............................................................................................................... |
177 |
6.32 |
The Content Filter Screen .......................................................................................................... |
178 |
6.33 |
The Anti-Malware Screen .......................................................................................................... |
179 |
6.34 |
The Reputation Filter Screen ...................................................................................................... |
182 |
6.35 |
The IDP Screen ............................................................................................................................ |
183 |
6.36 |
The Email Security Screens ......................................................................................................... |
185 |
6.36.1 Email Security Summary ................................................................................................... |
185 |
|
6.36.2 The Email Security Status Screen ..................................................................................... |
187 |
|
6.37 |
The SSL Inspection Screens ........................................................................................................ |
188 |
6.37.1 Certificate Cache List ....................................................................................................... |
189 |
|
6.38 |
Log Screens ................................................................................................................................. |
190 |
6.38.1 View Log ............................................................................................................................ |
191 |
|
6.38.2 View AP Log ....................................................................................................................... |
192 |
|
6.38.3 Dynamic Users Log ............................................................................................................ |
194 |
|
Chapter 7 |
|
|
Licensing........................................................................................................................................... |
|
196 |
|
ZyWALL USG FLEX Series User’s Guide |
|
9
|
Table of Contents |
|
7.1 |
Registration Overview .................................................................................................................. |
196 |
|
7.1.1 What you Need to Know .................................................................................................... |
196 |
|
7.1.2 Registration Screen ............................................................................................................. |
197 |
|
7.1.3 Service Screen ..................................................................................................................... |
197 |
7.2 |
Signature Update ......................................................................................................................... |
199 |
|
7.2.1 What you Need to Know .................................................................................................... |
199 |
|
7.2.2 The Signature Screen .......................................................................................................... |
200 |
|
7.2.3 Auto Update ........................................................................................................................ |
200 |
Chapter 8 |
|
|
Wireless ............................................................................................................................................. |
|
202 |
8.1 |
Overview ....................................................................................................................................... |
202 |
|
8.1.1 What You Can Do in this Chapter ..................................................................................... |
202 |
8.2 |
Controller Screen ........................................................................................................................ |
202 |
|
8.2.1 Connecting an AP to the Zyxel Device ............................................................................ |
203 |
|
8.2.2 Connecting an AP to the Zyxel Device Manually ........................................................... |
203 |
|
8.2.3 Connecting an AP to the Zyxel Device Using DHCP Option 138 .................................. |
203 |
8.3 AP Management Screens ........................................................................................................... |
204 |
|
|
8.3.1 Mgnt. AP List ....................................................................................................................... |
204 |
|
8.3.2 AP Policy .............................................................................................................................. |
211 |
|
8.3.3 AP Group ............................................................................................................................. |
212 |
|
8.3.4 Firmware ............................................................................................................................... |
218 |
8.4 Rogue AP ....................................................................................................................................... |
220 |
|
|
8.4.1 Add/Edit Rogue/Friendly List .............................................................................................. |
222 |
8.5 |
Auto Healing ................................................................................................................................. |
223 |
8.6 |
RTLS Overview ............................................................................................................................... |
224 |
|
8.6.1 What You Can Do in this Chapter ..................................................................................... |
224 |
|
8.6.2 Before You Begin ................................................................................................................. |
224 |
|
8.6.3 Configuring RTLS .................................................................................................................. |
225 |
8.7 |
Technical Reference .................................................................................................................... |
226 |
|
8.7.1 Dynamic Channel Selection .............................................................................................. |
226 |
|
8.7.2 Load Balancing ................................................................................................................... |
227 |
Chapter 9 |
|
|
Interfaces |
.......................................................................................................................................... |
228 |
9.1 |
Interface Overview ...................................................................................................................... |
228 |
|
9.1.1 What You Can Do in this Chapter ..................................................................................... |
228 |
|
9.1.2 What You Need to Know ................................................................................................... |
228 |
|
9.1.3 What You Need to Do First ................................................................................................. |
233 |
9.2 |
Port Role ......................................................................................................................................... |
233 |
9.3 |
Port Configuration ........................................................................................................................ |
234 |
9.4 |
Ethernet Summary Screen ........................................................................................................... |
235 |
|
9.4.1 Ethernet Edit ........................................................................................................................ |
237 |
|
ZyWALL USG FLEX Series User’s Guide |
|
10
Table of Contents |
|
9.4.2 Proxy ARP ............................................................................................................................. |
253 |
9.4.3 Virtual Interfaces ................................................................................................................ |
254 |
9.4.4 References ........................................................................................................................... |
255 |
9.4.5 Add/Edit DHCPv6 Request/Release Options ................................................................... |
256 |
9.4.6 Add/Edit DHCP Extended Options ................................................................................... |
257 |
9.5 PPP Interfaces ............................................................................................................................... |
258 |
9.5.1 PPP Interface Summary ...................................................................................................... |
259 |
9.5.2 PPP Interface Add or Edit .................................................................................................. |
260 |
9.6 Cellular Configuration Screen ..................................................................................................... |
265 |
9.6.1 Cellular Choose Slot ........................................................................................................... |
268 |
9.6.2 Add / Edit Cellular Configuration ...................................................................................... |
268 |
9.7 Tunnel Interfaces .......................................................................................................................... |
274 |
9.7.1 Configuring a Tunnel .......................................................................................................... |
276 |
9.7.2 Tunnel Add or Edit Screen .................................................................................................. |
277 |
9.8 VLAN Interfaces ........................................................................................................................... |
281 |
9.8.1 VLAN Summary Screen ....................................................................................................... |
282 |
9.8.2 VLAN Add/Edit ................................................................................................................... |
283 |
9.9 Bridge Interfaces .......................................................................................................................... |
294 |
9.9.1 Bridge Summary .................................................................................................................. |
296 |
9.9.2 Bridge Add/Edit .................................................................................................................. |
297 |
9.10 VTI ................................................................................................................................................. |
308 |
9.10.1 Restrictions for IPSec Virtual Tunnel Interface ................................................................ |
308 |
9.10.2 VTI Screen .......................................................................................................................... |
309 |
9.10.3 VTI Add/Edit ....................................................................................................................... |
309 |
9.11 Trunk Overview ........................................................................................................................... |
313 |
9.11.1 What You Need to Know ................................................................................................. |
313 |
9.12 The Trunk Summary Screen ........................................................................................................ |
316 |
9.12.1 Configuring a User-Defined Trunk ................................................................................... |
317 |
9.12.2 Configuring the System Default Trunk ............................................................................ |
319 |
9.13 Interface Technical Reference ................................................................................................. |
320 |
Chapter 10 |
|
Routing .............................................................................................................................................. |
325 |
10.1 Policy and Static Routes Overview ........................................................................................... |
325 |
10.1.1 What You Can Do in this Chapter ................................................................................... |
325 |
10.1.2 What You Need to Know ................................................................................................ |
326 |
10.2 Policy Route Screen ................................................................................................................... |
327 |
10.2.1 Policy Route Edit Screen .................................................................................................. |
329 |
10.3 IP Static Route Screen ................................................................................................................ |
334 |
10.3.1 Static Route Add/Edit Screen .......................................................................................... |
334 |
10.4 Policy Routing Technical Reference ........................................................................................ |
336 |
10.5 Routing Protocols Overview ..................................................................................................... |
336 |
10.5.1 What You Need to Know ................................................................................................. |
337 |
ZyWALL USG FLEX Series User’s Guide |
|
11
Table of Contents |
|
10.6 The RIP Screen ............................................................................................................................. |
337 |
10.7 The OSPF Screen ......................................................................................................................... |
339 |
10.7.1 Configuring the OSPF Screen .......................................................................................... |
342 |
10.7.2 OSPF Area Add/Edit Screen ........................................................................................... |
343 |
10.7.3 Virtual Link Add/Edit Screen ........................................................................................... |
345 |
10.8 BGP (Border Gateway Protocol) .............................................................................................. |
346 |
10.8.1 Allow BGP Packets to Enter the Zyxel Device ................................................................ |
347 |
10.8.2 Configuring the BGP Screen ............................................................................................ |
347 |
10.8.3 The BGP Neighbors Screen .............................................................................................. |
349 |
10.8.4 Example Scenario ............................................................................................................. |
350 |
Chapter 11 |
|
DDNS ................................................................................................................................................ |
352 |
11.1 DDNS Overview ........................................................................................................................... |
352 |
11.1.1 What You Can Do in this Chapter ................................................................................... |
352 |
11.1.2 What You Need to Know ................................................................................................. |
352 |
11.2 The DDNS Screen ........................................................................................................................ |
353 |
11.2.1 The Dynamic DNS Add/Edit Screen ................................................................................ |
354 |
Chapter 12 |
|
NAT .................................................................................................................................................... |
358 |
12.1 Overview ..................................................................................................................................... |
358 |
12.2 NAT Overview ............................................................................................................................. |
358 |
12.2.1 What You Can Do in this Chapter ................................................................................... |
358 |
12.2.2 What You Need to Know ................................................................................................. |
359 |
12.3 The NAT Screen ........................................................................................................................... |
360 |
12.3.1 The NAT Add/Edit Screen ................................................................................................. |
361 |
12.4 NAT Technical Reference .......................................................................................................... |
364 |
12.5 Virtual Server Load Balancing ................................................................................................... |
366 |
12.5.1 Load Balancing Example 1 .............................................................................................. |
366 |
12.5.2 Load Balancing Example 2 .............................................................................................. |
367 |
12.5.3 Virtual Server Load Balancing Process ........................................................................... |
367 |
12.5.4 Load Balancing Rules ....................................................................................................... |
368 |
12.5.5 Virtual Server Load Balancing Algorithms ...................................................................... |
369 |
12.6 The Virtual Server Load Balancer Screen ................................................................................. |
370 |
12.6.1 Adding/Editing a Virtual Server Load Balancing Rule .................................................. |
371 |
Chapter 13 |
|
Redirect Service............................................................................................................................... |
375 |
13.1 Overview ..................................................................................................................................... |
375 |
13.1.1 HTTP Redirect ..................................................................................................................... |
375 |
13.1.2 SMTP Redirect .................................................................................................................... |
375 |
13.1.3 What You Can Do in this Chapter ................................................................................... |
376 |
ZyWALL USG FLEX Series User’s Guide |
|
12
|
Table of Contents |
|
13.1.4 What You Need to Know ................................................................................................. |
376 |
|
13.2 |
The Redirect Service Screen ..................................................................................................... |
378 |
13.2.1 The Redirect Service Edit Screen ..................................................................................... |
379 |
|
Chapter 14 |
|
|
ALG.................................................................................................................................................... |
|
381 |
14.1 ALG Overview ............................................................................................................................. |
381 |
|
14.1.1 What You Need to Know ................................................................................................. |
381 |
|
14.1.2 Before You Begin ............................................................................................................... |
384 |
|
14.2 The ALG Screen .......................................................................................................................... |
384 |
|
14.3 |
ALG Technical Reference ......................................................................................................... |
386 |
Chapter 15 |
|
|
UPnP................................................................................................................................................... |
|
388 |
15.1 UPnP and NAT-PMP Overview ................................................................................................... |
388 |
|
15.2 What You Need to Know ........................................................................................................... |
388 |
|
15.2.1 NAT Traversal ..................................................................................................................... |
388 |
|
15.2.2 Cautions with UPnP and NAT-PMP .................................................................................. |
389 |
|
15.3 |
UPnP Screen ................................................................................................................................ |
389 |
15.4 |
Technical Reference .................................................................................................................. |
390 |
15.4.1 Turning on UPnP in Windows 7 Example ......................................................................... |
390 |
|
15.4.2 Turn on UPnP in Windows 10 Example ............................................................................ |
394 |
|
15.4.3 Auto-discover Your UPnP-enabled Network Device .................................................... |
396 |
|
15.4.4 Web Configurator Easy Access in Windows 7 ............................................................... |
399 |
|
15.4.5 Web Configurator Easy Access in Windows 10 ............................................................. |
401 |
|
Chapter 16 |
|
|
IP/MAC Binding................................................................................................................................ |
403 |
|
16.1 |
IP/MAC Binding Overview ......................................................................................................... |
403 |
16.1.1 What You Can Do in this Chapter ................................................................................... |
403 |
|
16.1.2 What You Need to Know ................................................................................................. |
403 |
|
16.2 IP/MAC Binding Summary ......................................................................................................... |
404 |
|
16.2.1 IP/MAC Binding Edit .......................................................................................................... |
405 |
|
16.2.2 Static DHCP Edit ................................................................................................................ |
406 |
|
16.3 |
IP/MAC Binding Exempt List ....................................................................................................... |
407 |
Chapter 17 |
|
|
Layer 2 Isolation ............................................................................................................................... |
408 |
|
17.1 |
Overview ..................................................................................................................................... |
408 |
17.1.1 What You Can Do in this Chapter ................................................................................... |
408 |
|
17.2 |
Layer-2 Isolation General Screen ............................................................................................. |
408 |
17.3 |
White List Screen ......................................................................................................................... |
409 |
17.3.1 Add/Edit White List Rule ................................................................................................... |
410 |
|
|
ZyWALL USG FLEX Series User’s Guide |
|
13
|
Table of Contents |
|
Chapter 18 |
|
|
DNS Inbound LB................................................................................................................................ |
412 |
|
18.1 DNS Inbound Load Balancing Overview ................................................................................. |
412 |
|
18.1.1 What You Can Do in this Chapter ................................................................................... |
412 |
|
18.2 The DNS Inbound LB Screen ...................................................................................................... |
413 |
|
18.2.1 The DNS Inbound LB Add/Edit Screen ............................................................................ |
414 |
|
18.2.2 The DNS Inbound LB Add/Edit Member Screen ............................................................ |
416 |
|
Chapter 19 |
|
|
IPSec VPN |
......................................................................................................................................... |
418 |
19.1 ................................................................................. |
Virtual Private Networks (VPN) Overview |
418 |
19.1.1 ...................................................................................What You Can Do in this Chapter |
420 |
|
19.1.2 .................................................................................................What You Need to Know |
420 |
|
19.1.3 ...............................................................................................................Before You Begin |
423 |
|
19.2 .....................................................................................................The VPN Connection Screen |
423 |
|
19.2.1 ..........................................................................The VPN Connection Add/Edit Screen |
425 |
|
19.3 .........................................................................................................The VPN Gateway Screen |
432 |
|
19.3.1 ...............................................................................The VPN Gateway Add/Edit Screen |
433 |
|
19.4 .....................................................................................................................VPN Concentrator |
440 |
|
19.4.1 ......................................................VPN Concentrator Requirements and Suggestions |
440 |
|
19.4.2 ...............................................................................................VPN Concentrator Screen |
441 |
|
19.4.3 ........................................................................The VPN Concentrator Add/Edit Screen |
441 |
|
19.5 .................................................... |
Zyxel Device IPSec VPN Client Configuration Provisioning |
442 |
19.6 ......................................................................................... |
IPSec VPN Background Information |
444 |
Chapter 20 |
|
|
SSL VPN.............................................................................................................................................. |
|
454 |
20.1 ..................................................................................................................................... |
Overview |
454 |
20.1.1 ...................................................................................What You Can Do in this Chapter |
454 |
|
20.1.2 .................................................................................................What You Need to Know |
454 |
|
20.2 ................................................................................................ |
The SSL Access Privilege Screen |
455 |
20.2.1 .........................................................The SSL Access Privilege Policy Add/Edit Screen |
456 |
|
20.3 ................................................................................................... |
The SSL Global Setting Screen |
458 |
Chapter 21 |
|
|
L2TP VPN............................................................................................................................................ |
|
460 |
21.1 ..................................................................................................................................... |
Overview |
460 |
21.1.1 ...................................................................................What You Can Do in this Chapter |
460 |
|
21.1.2 .................................................................................................What You Need to Know |
460 |
|
21.2 ......................................................................................................................... |
L2TP VPN Screen |
461 |
21.2.1 ................................................Example: L2TP and Zyxel Device Behind a NAT Router |
463 |
|
ZyWALL USG FLEX Series User’s Guide
14
|
Table of Contents |
|
Chapter 22 |
|
|
BWM (Bandwidth Management) ................................................................................................. |
465 |
|
22.1 |
Overview ..................................................................................................................................... |
465 |
22.1.1 What You Can Do in this Chapter ................................................................................... |
465 |
|
22.1.2 What You Need to Know ................................................................................................ |
465 |
|
22.2 The Bandwidth Management Configuration .......................................................................... |
469 |
|
22.2.1 The Bandwidth Management Add/Edit Screen ............................................................ |
472 |
|
Chapter 23 |
|
|
Web Authentication ........................................................................................................................ |
481 |
|
23.1 Web Auth Overview ................................................................................................................... |
481 |
|
23.1.1 What You Can Do in this Chapter ................................................................................... |
481 |
|
23.1.2 What You Need to Know ................................................................................................. |
482 |
|
23.2 |
Web Authentication General Screen ...................................................................................... |
482 |
23.2.1 User-aware Access Control Example ............................................................................. |
487 |
|
23.2.2 Authentication Type Screen ............................................................................................ |
493 |
|
23.2.3 Custom Web Portal / User Agreement File Screen ....................................................... |
497 |
|
23.2.4 Facebook Wi-Fi Screen ..................................................................................................... |
498 |
|
23.3 SSO Overview .............................................................................................................................. |
502 |
|
23.4 |
SSO - Zyxel Device Configuration ............................................................................................. |
503 |
23.4.1 Configuration Overview ................................................................................................... |
504 |
|
23.4.2 Configure the Zyxel Device to Communicate with SSO .............................................. |
504 |
|
23.4.3 Enable Web Authentication ............................................................................................ |
505 |
|
23.4.4 Create a Security Policy ................................................................................................... |
506 |
|
23.4.5 Configure User Information .............................................................................................. |
507 |
|
23.4.6 Configure an Authentication Method ........................................................................... |
508 |
|
23.4.7 Configure Active Directory .............................................................................................. |
509 |
|
23.5 |
SSO Agent Configuration .......................................................................................................... |
510 |
Chapter 24 |
|
|
Hotspot.............................................................................................................................................. |
|
513 |
24.1 |
Overview ..................................................................................................................................... |
513 |
24.2 |
Billing Overview ........................................................................................................................... |
513 |
24.2.1 What You Need to Know ................................................................................................. |
513 |
|
24.3 |
The Billing > General Screen ...................................................................................................... |
514 |
24.4 |
The Billing > Billing Profile Screen ............................................................................................... |
516 |
24.4.1 The Account Generator Screen ...................................................................................... |
517 |
|
24.4.2 The Account Redeem Screen ......................................................................................... |
520 |
|
24.4.3 The Billing Profile Add/Edit Screen ................................................................................... |
522 |
|
24.5 |
The Billing > Discount Screen ..................................................................................................... |
523 |
24.5.1 The Discount Add/Edit Screen ......................................................................................... |
525 |
|
24.6 |
The Billing > Payment Service Screen ....................................................................................... |
525 |
24.6.1 The Payment Service > Desktop / Mobile View Screen ............................................... |
527 |
|
|
ZyWALL USG FLEX Series User’s Guide |
|
15
Table of Contents |
|
Chapter 25 |
|
Printer Manager ............................................................................................................................... |
531 |
25.1 Printer Manager Overview ........................................................................................................ |
531 |
25.1.1 What You Can Do in this Chapter ................................................................................... |
531 |
25.2 The Printer Manager > General Screen ................................................................................... |
531 |
25.2.1 Add Printer Rule ................................................................................................................. |
534 |
25.2.2 Edit Printer Rule .................................................................................................................. |
534 |
25.2.3 Discover Printer ................................................................................................................. |
535 |
25.2.4 Edit Printer Manager (Discover Printer) .......................................................................... |
537 |
25.3 The Printout Configuration Screen ............................................................................................ |
538 |
25.4 Printer Reports Overview ........................................................................................................... |
539 |
25.4.1 Key Combinations ............................................................................................................. |
539 |
25.4.2 Daily Account Summary .................................................................................................. |
539 |
25.4.3 Monthly Account Summary ............................................................................................. |
540 |
25.4.4 Account Report Notes ..................................................................................................... |
540 |
25.4.5 System Status ..................................................................................................................... |
541 |
Chapter 26 |
|
Free Time........................................................................................................................................... |
543 |
26.1 Free Time Overview ................................................................................................................... |
543 |
26.1.1 What You Can Do in this Chapter ................................................................................... |
543 |
26.2 The Free Time Screen ................................................................................................................. |
543 |
Chapter 27 |
|
IPnP.................................................................................................................................................... |
548 |
27.1 IPnP Overview ............................................................................................................................ |
548 |
27.1.1 What You Can Do in this Chapter ................................................................................... |
549 |
27.1.2 IPnP Screen ........................................................................................................................ |
549 |
Chapter 28 |
|
Walled Garden................................................................................................................................. |
551 |
28.1 Walled Garden Overview ........................................................................................................ |
551 |
28.2 Walled Garden > General Screen ........................................................................................... |
551 |
28.3 Walled Garden > URL Base Screen .......................................................................................... |
552 |
28.3.1 Adding/Editing a Walled Garden URL ........................................................................... |
553 |
28.4 Walled Garden > Domain/IP Base Screen .............................................................................. |
554 |
28.4.1 Adding/Editing a Walled Garden Domain or IP ........................................................... |
555 |
28.4.2 Walled Garden Login Example ....................................................................................... |
555 |
Chapter 29 |
|
Advertisement Screen..................................................................................................................... |
557 |
29.1 Advertisement Overview ........................................................................................................... |
557 |
29.1.1 Adding/Editing an Advertisement URL .......................................................................... |
558 |
ZyWALL USG FLEX Series User’s Guide |
|
16
|
Table of Contents |
|
Chapter 30 |
|
|
Security Policy.................................................................................................................................. |
560 |
|
30.1 |
Overview ..................................................................................................................................... |
560 |
30.2 |
One Security ................................................................................................................................ |
561 |
30.3 What You Can Do in this Chapter ............................................................................................ |
564 |
|
30.3.1 What You Need to Know ................................................................................................. |
564 |
|
30.4 |
The Security Policy Screen ......................................................................................................... |
566 |
30.4.1 Configuring the Security Policy Control Screen ............................................................ |
567 |
|
30.4.2 The Security Policy Control Add/Edit Screen ................................................................. |
571 |
|
30.5 Anomaly Detection and Prevention Overview ...................................................................... |
572 |
|
30.5.1 The Anomaly Detection and Prevention General Screen ........................................... |
573 |
|
30.5.2 Creating New ADP Profiles .............................................................................................. |
574 |
|
30.5.3 Traffic Anomaly Profiles ................................................................................................... |
575 |
|
30.5.4 Protocol Anomaly Profiles ................................................................................................ |
578 |
|
30.6 |
The Session Control Screen ........................................................................................................ |
581 |
30.6.1 The Session Control Add/Edit Screen .............................................................................. |
582 |
|
30.7 |
Security Policy Example Applications ...................................................................................... |
583 |
Chapter 31 |
|
|
Application Patrol ............................................................................................................................ |
586 |
|
31.1 |
Overview ..................................................................................................................................... |
586 |
31.1.1 What You Can Do in this Chapter ................................................................................... |
586 |
|
31.1.2 What You Need to Know ................................................................................................ |
586 |
|
31.2 |
Application Patrol Profile ........................................................................................................... |
587 |
31.2.1 Profile Action: Apply to a Security Policy ....................................................................... |
588 |
|
31.2.2 Application Patrol Profile > Add/Edit - My Application ............................................... |
591 |
|
31.2.3 Application Patrol Profile > Add/Edit - Query Result ..................................................... |
592 |
|
Chapter 32 |
|
|
Content Filter .................................................................................................................................... |
595 |
|
32.1 |
Overview ..................................................................................................................................... |
595 |
32.1.1 What You Can Do in this Chapter ................................................................................... |
595 |
|
32.1.2 What You Need to Know ................................................................................................. |
595 |
|
32.1.3 Before You Begin ............................................................................................................... |
597 |
|
32.2 |
Content Filter Profile Screen ...................................................................................................... |
597 |
32.2.1 Apply to a Security Policy ................................................................................................ |
598 |
|
32.2.2 Content Filter Add Profile Category Service .................................................................. |
601 |
|
32.2.3 Content Filter Add Filter Profile Custom Service ........................................................... |
614 |
|
32.3 |
Content Filter Trusted Web Sites Screen ................................................................................. |
616 |
32.4 |
Content Filter Forbidden Web Sites Screen ............................................................................ |
617 |
32.5 |
Content Filter Technical Reference ......................................................................................... |
618 |
ZyWALL USG FLEX Series User’s Guide
17
|
Table of Contents |
|
Chapter 33 |
|
|
Anti-Malware.................................................................................................................................... |
620 |
|
33.1 |
Overview ..................................................................................................................................... |
620 |
33.1.1 What You Can Do in this Chapter ................................................................................... |
624 |
|
33.2 |
Anti-Malware Screen ................................................................................................................. |
625 |
33.3 |
The White List Screen .................................................................................................................. |
628 |
33.4 |
The Black List Screen .................................................................................................................. |
630 |
33.5 |
Anti-Malware Signature Searching ........................................................................................... |
631 |
33.6 |
Anti-Malware Profile ................................................................................................................... |
632 |
33.6.1 Add or Edit an Anti-Malware Profile ............................................................................... |
633 |
|
33.6.2 Link a Profile ....................................................................................................................... |
634 |
|
33.6.3 Anti-Malware Advance Screen ...................................................................................... |
635 |
|
33.6.4 Remove Profiles ................................................................................................................. |
637 |
|
33.7 |
Anti-Malware Technical Reference ......................................................................................... |
638 |
Chapter 34 |
|
|
Reputation Filter ............................................................................................................................... |
640 |
|
34.1 |
Overview ..................................................................................................................................... |
640 |
34.1.1 What You Need to Know ................................................................................................. |
640 |
|
34.1.2 What You Can Do in this Chapter ................................................................................... |
640 |
|
34.2 |
URL Threat Filter Screen .............................................................................................................. |
640 |
34.2.1 URL Threat Filter White List Screen ................................................................................... |
642 |
|
34.2.2 URL Threat Filter Black List Screen .................................................................................... |
643 |
|
34.3 |
URL Threat Filter Profile ............................................................................................................... |
644 |
34.3.1 Add or Edit a URL Threat Filter Profile .............................................................................. |
645 |
|
34.3.2 Link a Profile ....................................................................................................................... |
647 |
|
34.3.3 URL Threat Filter Advance Screen ................................................................................... |
648 |
|
34.3.4 Remove Profiles ................................................................................................................. |
650 |
|
Chapter 35 |
|
|
IDP ..................................................................................................................................................... |
|
651 |
35.1 |
Overview ..................................................................................................................................... |
651 |
35.1.1 What You Can Do in this Chapter ................................................................................... |
651 |
|
35.1.2 What You Need To Know ................................................................................................. |
651 |
|
35.1.3 Before You Begin ............................................................................................................... |
651 |
|
35.2 |
The IDP Screen ............................................................................................................................ |
652 |
35.2.1 Query Example .................................................................................................................. |
656 |
|
35.3 |
IDP Custom Signatures .............................................................................................................. |
657 |
35.3.1 Add / Edit Custom Signatures ......................................................................................... |
658 |
|
35.3.2 Custom Signature Example ............................................................................................. |
662 |
|
35.3.3 Applying Custom Signatures ............................................................................................ |
664 |
|
35.3.4 Verifying Custom Signatures ............................................................................................ |
665 |
|
35.4 |
The White List Screen ................................................................................................................. |
665 |
|
ZyWALL USG FLEX Series User’s Guide |
|
18
|
Table of Contents |
|
35.5 |
IDP Profile ..................................................................................................................................... |
666 |
35.5.1 Add or Edit an IDP Profile ................................................................................................. |
667 |
|
35.5.2 Link a Profile ....................................................................................................................... |
669 |
|
35.5.3 The IDP Advance Screen ................................................................................................. |
670 |
|
35.5.4 Remove Profiles ................................................................................................................. |
672 |
|
35.6 |
IDP Technical Reference ........................................................................................................... |
673 |
Chapter 36 |
|
|
Email Security ................................................................................................................................... |
675 |
|
36.1 |
Overview ..................................................................................................................................... |
675 |
36.1.1 What You Can Do in this Chapter ................................................................................... |
675 |
|
36.1.2 What You Need to Know ................................................................................................. |
675 |
|
36.2 |
Before You Begin ........................................................................................................................ |
676 |
36.3 |
The Email Security Screen ......................................................................................................... |
677 |
36.4 |
The Black List / White List Screen ............................................................................................... |
679 |
36.4.1 The Black or White List Add/Edit Screen ......................................................................... |
680 |
|
36.4.2 Regular Expressions in Black or White List Entries ........................................................... |
682 |
|
36.5 |
Email Security Profile ................................................................................................................... |
682 |
36.5.1 Add or Edit Email Security Profile ..................................................................................... |
683 |
|
36.5.2 Link a Profile ....................................................................................................................... |
685 |
|
36.5.3 The Email Security Advance Screen .............................................................................. |
686 |
|
36.5.4 Remove Profiles ................................................................................................................. |
689 |
|
36.6 |
Email Security Technical Reference ......................................................................................... |
689 |
Chapter 37 |
|
|
SSL Inspection................................................................................................................................... |
693 |
|
37.1 |
Overview ..................................................................................................................................... |
693 |
37.1.1 What You Can Do in this Chapter ................................................................................... |
693 |
|
37.1.2 What You Need To Know ................................................................................................. |
694 |
|
37.1.3 What You Can Do in this Chapter ................................................................................... |
694 |
|
37.1.4 Before You Begin ............................................................................................................... |
694 |
|
37.2 |
The SSL Inspection Profile Screen .............................................................................................. |
694 |
37.2.1 Apply to a Security Policy ................................................................................................ |
697 |
|
37.2.2 Add / Edit SSL Inspection Profiles .................................................................................... |
700 |
|
37.3 |
Exclude List Screen .................................................................................................................... |
701 |
37.4 |
Certificate Update Screen ....................................................................................................... |
703 |
37.5 |
Install a CA Certificate in a Browser ......................................................................................... |
704 |
Chapter 38 |
|
|
IP Exception...................................................................................................................................... |
707 |
|
38.1 |
Overview ..................................................................................................................................... |
707 |
38.2 |
The IP Exception Screen ............................................................................................................. |
707 |
38.2.1 The IP Exception Add/Edit Screen ................................................................................. |
708 |
|
|
ZyWALL USG FLEX Series User’s Guide |
|
19
Table of Contents |
|
Chapter 39 |
|
Object ............................................................................................................................................... |
710 |
39.1 Zones Overview .......................................................................................................................... |
710 |
39.1.1 What You Need to Know ................................................................................................. |
710 |
39.1.2 The Zone Screen ................................................................................................................ |
711 |
39.2 User/Group Overview ................................................................................................................ |
713 |
39.2.1 What You Need To Know ................................................................................................. |
713 |
39.2.2 User/Group User Summary Screen .................................................................................. |
715 |
39.2.3 User Add/Edit General Screen ....................................................................................... |
716 |
39.2.4 User Add/Edit Two-factor Authentication Screen ........................................................ |
720 |
39.2.5 User/Group Group Summary Screen .............................................................................. |
722 |
39.2.6 User/Group Setting Screen ............................................................................................. |
724 |
39.2.7 User/Group MAC Address Summary Screen ................................................................ |
729 |
39.2.8 User /Group Technical Reference .................................................................................. |
731 |
39.3 AP Profile Overview .................................................................................................................... |
731 |
39.3.1 Radio Screen ..................................................................................................................... |
733 |
39.3.2 SSID Screen ....................................................................................................................... |
740 |
39.4 MON Profile ................................................................................................................................ |
757 |
39.4.1 Overview ............................................................................................................................ |
757 |
39.4.2 Configuring MON Profile ................................................................................................. |
758 |
39.4.3 Add/Edit MON Profile ....................................................................................................... |
759 |
39.4.4 Technical Reference ........................................................................................................ |
760 |
39.5 ZyMesh Overview ....................................................................................................................... |
761 |
39.5.1 ZyMesh Profile .................................................................................................................... |
763 |
39.5.2 Add/Edit ZyMesh Profile ................................................................................................... |
764 |
39.6 Address/Geo IP Overview ......................................................................................................... |
764 |
39.6.1 What You Need To Know ................................................................................................. |
765 |
39.6.2 Address Summary Screen ................................................................................................ |
765 |
39.6.3 Address Group Summary Screen .................................................................................... |
769 |
39.6.4 Geo IP Summary Screen .................................................................................................. |
771 |
39.7 Service Overview ........................................................................................................................ |
774 |
39.7.1 What You Need to Know ................................................................................................. |
774 |
39.7.2 The Service Summary Screen .......................................................................................... |
775 |
39.7.3 The Service Group Summary Screen ............................................................................. |
777 |
39.8 Schedule Overview ................................................................................................................... |
779 |
39.8.1 What You Need to Know ................................................................................................. |
779 |
39.8.2 The Schedule Screen ........................................................................................................ |
780 |
39.8.3 The Schedule Group Screen ............................................................................................ |
783 |
39.9 AAA Server Overview ............................................................................................................... |
784 |
39.9.1 Directory Service (AD/LDAP) ........................................................................................... |
785 |
39.9.2 RADIUS Server .................................................................................................................... |
785 |
39.9.3 ASAS .................................................................................................................................... |
785 |
39.9.4 What You Need To Know ................................................................................................. |
786 |
ZyWALL USG FLEX Series User’s Guide |
|
20
Table of Contents |
|
39.9.5 Active Directory or LDAP Server Summary ..................................................................... |
787 |
39.9.6 RADIUS Server Summary ................................................................................................... |
791 |
39.10 Auth. Method Overview ......................................................................................................... |
794 |
39.10.1 Before You Begin ............................................................................................................. |
794 |
39.10.2 Example: Selecting a VPN Authentication Method ................................................... |
794 |
39.10.3 Authentication Method Objects ................................................................................... |
795 |
39.10.4 Two-Factor Authentication ............................................................................................ |
797 |
39.10.5 Two-Factor Authentication VPN Access ...................................................................... |
799 |
39.10.6 Two-Factor Authentication Admin Access .................................................................. |
801 |
39.11 Certificate Overview ................................................................................................................ |
802 |
39.11.1 What You Need to Know ............................................................................................... |
803 |
39.11.2 Verifying a Certificate .................................................................................................... |
804 |
39.11.3 The My Certificates Screen ............................................................................................ |
805 |
39.11.4 The Trusted Certificates Screen .................................................................................... |
814 |
39.11.5 Certificates Technical Reference ................................................................................. |
819 |
39.12 ISP Account Overview ............................................................................................................ |
819 |
39.12.1 ISP Account Summary .................................................................................................... |
819 |
39.13 DHCPv6 Overview .................................................................................................................... |
822 |
39.13.1 The DHCPv6 Request Screen ......................................................................................... |
822 |
39.13.2 The DHCPv6 Lease Screen ............................................................................................. |
824 |
Chapter 40 |
|
Device HA......................................................................................................................................... |
826 |
40.1 Device HA Overview .................................................................................................................. |
826 |
40.1.1 What You Can Do in These Screens ................................................................................ |
826 |
40.2 Device HA Status ........................................................................................................................ |
826 |
40.3 Device HA Pro ............................................................................................................................. |
828 |
40.3.1 Deploying Device HA Pro ................................................................................................ |
829 |
40.3.2 Configuring Device HA Pro .............................................................................................. |
829 |
40.4 View Log ...................................................................................................................................... |
831 |
Chapter 41 |
|
Cloud CNM...................................................................................................................................... |
833 |
41.1 Cloud CNM Overview ................................................................................................................ |
833 |
41.1.1 What You Can Do in this Chapter ................................................................................... |
833 |
41.2 Cloud CNM SecuManager ....................................................................................................... |
833 |
41.3 Cloud CNM SecuReporter ......................................................................................................... |
836 |
Chapter 42 |
|
System............................................................................................................................................... |
841 |
42.1 Overview ..................................................................................................................................... |
841 |
42.1.1 What You Can Do in this Chapter ................................................................................... |
841 |
42.2 Host Name ................................................................................................................................... |
842 |
ZyWALL USG FLEX Series User’s Guide |
|
21
Table of Contents |
|
42.3 USB Storage ................................................................................................................................. |
842 |
42.4 Date and Time ............................................................................................................................ |
843 |
42.4.1 Pre-defined NTP Time Servers List ..................................................................................... |
846 |
42.4.2 Time Server Synchronization ............................................................................................ |
846 |
42.5 Console Port Speed ................................................................................................................... |
847 |
42.6 DNS Overview ............................................................................................................................. |
848 |
42.6.1 DNS Server Address Assignment ...................................................................................... |
848 |
42.6.2 Configuring the DNS Screen ............................................................................................ |
848 |
42.6.3 (IPv6) Address Record ...................................................................................................... |
852 |
42.6.4 PTR Record ......................................................................................................................... |
852 |
42.6.5 Adding an (IPv6) Address/PTR Record .......................................................................... |
852 |
42.6.6 CNAME Record ................................................................................................................. |
853 |
42.6.7 Adding a CNAME Record ................................................................................................ |
853 |
42.6.8 Domain Zone Forwarder ................................................................................................. |
854 |
42.6.9 Adding a Domain Zone Forwarder ................................................................................. |
854 |
42.6.10 MX Record ...................................................................................................................... |
855 |
42.6.11 Adding a MX Record ...................................................................................................... |
855 |
42.6.12 Security Option Control .................................................................................................. |
856 |
42.6.13 Editing a Security Option Control .................................................................................. |
856 |
42.6.14 Adding a DNS Service Control Rule .............................................................................. |
857 |
42.7 WWW Overview .......................................................................................................................... |
858 |
42.7.1 Service Access Limitations ............................................................................................... |
858 |
42.7.2 System Timeout .................................................................................................................. |
858 |
42.7.3 HTTPS ................................................................................................................................... |
858 |
42.7.4 Configuring WWW Service Control ................................................................................. |
859 |
42.7.5 Service Control Rules ........................................................................................................ |
862 |
42.7.6 Customizing the WWW Login Page ................................................................................ |
863 |
42.7.7 HTTPS Example ................................................................................................................... |
868 |
42.8 SSH ............................................................................................................................................. |
875 |
42.8.1 SSH Implementation on the Zyxel Device ...................................................................... |
876 |
42.8.2 Requirements for Using SSH .............................................................................................. |
876 |
42.8.3 Configuring SSH ................................................................................................................. |
876 |
42.8.4 Service Control Rules ........................................................................................................ |
877 |
42.8.5 SSH Example ...................................................................................................................... |
878 |
42.9 Telnet ........................................................................................................................................... |
879 |
42.9.1 Configuring Telnet ............................................................................................................. |
879 |
42.9.2 Service Control Rules ........................................................................................................ |
881 |
42.10 FTP .............................................................................................................................................. |
881 |
42.10.1 Configuring FTP ................................................................................................................ |
881 |
42.10.2 Service Control Rules ...................................................................................................... |
883 |
42.11 SNMP ......................................................................................................................................... |
883 |
42.11.1 SNMPv3 and Security ...................................................................................................... |
884 |
42.11.2 Supported MIBs ............................................................................................................... |
885 |
ZyWALL USG FLEX Series User’s Guide |
|
22
Table of Contents |
|
42.11.3 SNMP Traps ....................................................................................................................... |
885 |
42.11.4 Configuring SNMP ........................................................................................................... |
885 |
42.11.5 Add SNMPv3 User ............................................................................................................ |
887 |
42.11.6 Service Control Rules ...................................................................................................... |
888 |
42.12 Authentication Server .............................................................................................................. |
889 |
42.12.1 Add/Edit Trusted RADIUS Client .................................................................................... |
890 |
42.13 Notification > Mail Server ......................................................................................................... |
891 |
42.14 Notification > SMS ..................................................................................................................... |
892 |
42.15 Notification > Response Message ......................................................................................... |
894 |
42.16 Language Screen ..................................................................................................................... |
895 |
42.17 IPv6 Screen ................................................................................................................................ |
896 |
42.18 Zyxel One Network (ZON) Utility ............................................................................................. |
896 |
42.18.1 Requirements ................................................................................................................... |
896 |
42.18.2 Run the ZON Utility ........................................................................................................... |
897 |
42.18.3 Zyxel One Network (ZON) System Screen .................................................................... |
901 |
Chapter 43 |
|
Log and Report................................................................................................................................. |
902 |
43.1 Overview ..................................................................................................................................... |
902 |
43.1.1 What You Can Do In this Chapter .................................................................................. |
902 |
43.2 Email Daily Report ....................................................................................................................... |
902 |
43.3 Log Setting Screens ................................................................................................................... |
904 |
43.3.1 Log Setting Summary ........................................................................................................ |
904 |
43.3.2 Edit System Log Settings .................................................................................................. |
905 |
43.3.3 Edit Log on USB Storage Setting ..................................................................................... |
909 |
43.3.4 Edit Remote Server Log Settings ..................................................................................... |
910 |
43.3.5 Log Category Settings Screen ......................................................................................... |
912 |
Chapter 44 |
|
File Manager .................................................................................................................................... |
915 |
44.1 Overview ..................................................................................................................................... |
915 |
44.1.1 What You Can Do in this Chapter ................................................................................... |
915 |
44.1.2 What you Need to Know .................................................................................................. |
915 |
44.2 The Configuration Screen .......................................................................................................... |
917 |
44.2.1 The Configuration Schedule Backup Screen ................................................................ |
921 |
44.3 Firmware Management ........................................................................................................... |
922 |
44.3.1 Cloud Helper ..................................................................................................................... |
923 |
44.3.2 The Firmware Management Screen ............................................................................... |
925 |
44.3.3 Firmware Upgrade via USB Stick ...................................................................................... |
928 |
44.4 The Shell Script Screen .............................................................................................................. |
928 |
Chapter 45 |
|
Diagnostics ...................................................................................................................................... |
931 |
ZyWALL USG FLEX Series User’s Guide |
|
23
|
Table of Contents |
|
45.1 |
Overview ..................................................................................................................................... |
931 |
45.1.1 What You Can Do in this Chapter ................................................................................... |
931 |
|
45.2 |
The Diagnostics Screens ............................................................................................................ |
931 |
45.2.1 Scripts ................................................................................................................................. |
931 |
|
45.2.2 The Diagnostics Controller Screen .................................................................................. |
932 |
|
45.2.3 The Diagnostics AP Screen ............................................................................................... |
934 |
|
45.2.4 The Diagnostics Files Screen ............................................................................................ |
936 |
|
45.3 |
The Packet Capture Screen ...................................................................................................... |
937 |
45.3.1 The Packet Capture on AP Screen ................................................................................. |
940 |
|
45.3.2 The Packet Capture Files Screen .................................................................................... |
943 |
|
45.4 The CPU / Memory Status Screen ............................................................................................. |
944 |
|
45.5 |
The System Log Screen .............................................................................................................. |
946 |
45.6 |
The Network Tool Screen ........................................................................................................... |
946 |
45.7 |
The Routing Traces Screen ........................................................................................................ |
949 |
45.8 |
The Wireless Frame Capture Screen ........................................................................................ |
950 |
45.8.1 The Wireless Frame Capture Files Screen ...................................................................... |
951 |
|
Chapter 46 |
|
|
Packet Flow Explore ........................................................................................................................ |
952 |
|
46.1 |
Overview ..................................................................................................................................... |
952 |
46.1.1 What You Can Do in this Chapter ................................................................................... |
952 |
|
46.2 |
Routing Status ............................................................................................................................ |
952 |
46.3 |
The SNAT Status Screen .............................................................................................................. |
956 |
Chapter 47 |
|
|
Shutdown .......................................................................................................................................... |
|
959 |
47.1 |
Overview ..................................................................................................................................... |
959 |
47.1.1 What You Need To Know ................................................................................................. |
959 |
|
47.2 The Shutdown / Reboot Screen ................................................................................................ |
959 |
|
Part III: Appendices and Troubleshooting.................................................. |
962 |
|
Chapter 48 |
|
|
Troubleshooting................................................................................................................................ |
963 |
|
48.1 |
Resetting the Zyxel Device ........................................................................................................ |
976 |
48.2 |
Getting More Troubleshooting Help ......................................................................................... |
976 |
Appendix A Customer Support ..................................................................................................... |
977 |
|
Appendix B Product Features ........................................................................................................ |
983 |
|
Appendix C Legal Information ...................................................................................................... |
986 |
|
|
ZyWALL USG FLEX Series User’s Guide |
|
24
Table of Contents
Index ................................................................................................................................................. |
996 |
ZyWALL USG FLEX Series User’s Guide
25
PART I
User’s Guide
26
CHAPTER 1
Introduction
1.1 Overview
Zyxel Device refers to these models as outlined below.
•USG FLEX 100
•USG FLEX 100W
•USG FLEX 200
•USG FLEX 500
•USG FLEX 700
1.1.1Model Feature Differences
Note the following differences between the USG FLEX models:
Table 1 USG FLEX Model Feature Comparison
FEATURE/MODEL |
USG FLEX |
USG FLEX |
USG FLEX |
USG FLEX |
USG FLEX |
|
100 |
100W |
200 |
500 |
700 |
||
|
||||||
Microsoft Azure |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
Amazon VPC |
CLI only |
CLI only |
CLI only |
CLI only |
CLI only |
|
|
|
|
|
|
|
|
Anomaly Detection & Prevention |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
Email Security (Anti-Spam) |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
IDP |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
Anti-Malware |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
App Patrol |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
Web Filtering (Content Filtering) |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
SecuReporter |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
Reputation Filter (IP and DNS) |
NO |
NO |
NO |
NO |
NO |
|
|
|
|
|
|
|
|
URL Threat Filter |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
Sandboxing |
NO |
NO |
NO |
NO |
NO |
|
|
|
|
|
|
|
|
IP Exception |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
AP Controller |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
Device HA Pro |
NO |
NO |
NO |
YES |
YES |
|
|
|
|
|
|
|
|
Hotspot Management |
NO |
NO |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
LAG |
NO |
NO |
NO |
YES |
YES |
|
|
|
|
|
|
|
|
Port Group |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
Port Role |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
SD-WAN Mode |
NO |
NO |
NO |
NO |
NO |
|
|
|
|
|
|
|
ZyWALL USG FLEX Series User’s Guide
27
Chapter 1 Introduction
Table 1 USG FLEX Model Feature Comparison (continued)
FEATURE/MODEL |
USG FLEX |
USG FLEX |
USG FLEX |
USG FLEX |
USG FLEX |
|
100 |
100W |
200 |
500 |
700 |
||
|
||||||
SSL Application |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
SSL encrypted traffic inspection |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
Bundled UTM Feature License |
1 year |
1 year |
1 year |
1 year |
1 year |
|
Validity |
|
|
|
|
|
|
Virtual Server Load Balancing |
YES |
YES |
YES |
YES |
YES |
|
|
|
|
|
|
|
|
Built-in WiFi |
NO |
YES |
NO |
NO |
NO |
|
|
|
|
|
|
|
For information on interface names by model, default port or interface name mapping, and default interface or zone mapping please see Section 3.3 on page 77.
See the product’s datasheet for detailed information on a specific model.
1.2 Registration at myZyxel
myZyxel is Zyxel’s online services center where you can register your Zyxel Device and manage subscription services available for your Zyxel Device (see Configuration > Licensing > Registration > Service for services available for your Zyxel Device).
•For Zyxel Devices that already have firmware version 4.25 or later, you have to register your Zyxel Device and activate the corresponding service at myZyxel (through your Zyxel Device).
•For Zyxel Devices upgrading to firmware version 4.25 or later, you may skip registering your Zyxel Device and activating the corresponding service at myZyxel (through your Zyxel Device). However, it is highly recommended to at least register your Zyxel Device. At the time of writing, the Firmware Upgrade license providing Cloud Helper new firmware notifications, is free when you register your Zyxel Device.
Note: You need to create a myZyxel account at http://portal.myZyxel.com before you can register your device and activate the services at myZyxel.
You may need your Zyxel Device’s serial number and LAN MAC address to register it at myZyxel. See the label at the back of the Zyxel Device’s for details.
ZyWALL USG FLEX Series User’s Guide
28
Chapter 1 Introduction
Figure 1 myZyxel Login
1.2.1 Grace Period
SecuReporter and service licenses have a 15-day grace period after a license expires. Services will continue to work in this period during which you will receive notifications to renew your licenses. New licenses are valid for 1 year from the date of purchase.
1.2.2 Applications
These are some Zyxel Device application scenarios.
Security Router
Security includes a Stateful Packet Inspection (SPI) firewall.
Figure 2 Applications: Security Router Applications: Security Router
ZyWALL USG FLEX Series User’s Guide
29
Chapter 1 Introduction
IPv6 Routing
The Zyxel Device supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The Zyxel Device can also route IPv6 packets through IPv4 networks using different tunneling methods.
Figure 3 Applications: IPv6 Routing
VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. AS is an Authentication Server in the below figure.
Figure 4 Applications: VPN Connectivity
SSL VPN Network Access
SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just browses to the Zyxel Device’s web address and enters his user name and password to securely connect to the Zyxel Device’s network. Here full tunnel mode creates a virtual connection for a remote user and gives him a private IP address in the same subnet as the local network so he can access network resources in the same way as if he were part of the internal network.
ZyWALL USG FLEX Series User’s Guide
30
Loading...