How it Works
ZyXEL Communications
Loading...
USG20W-VPN
Users manual
139 pgs3.68 Mb0

ZyXEL Communications USG20W-VPN Users manual

USG Series
USG20-VPN / USG20W-VPN
VPN Firewalls
Version 4.16 Edition 1, 12/2015
Quick Start Guide
Default Login Details
LAN Port IP Address https://192.168.1.1 User Name admin Password 1234
www.zyxel.com
Copyright © 2015 ZyXEL Communications Corporation
Part I: User’s Guide .........................................................................................16
Chapter 1
Introduction.........................................................................................................................................18
1.1 Overview ...........................................................................................................................................18
1.1.1 Applications ............................................................................................................................. 18
1.2 Management Overview .....................................................................................................................20
1.3 Web Configurator ..............................................................................................................................22
1.3.1 Web Configurator Access ........................................................................................................22
1.3.2 Web Configurator Screens Overview ......................................................................................24
1.3.3 Navigation Panel .....................................................................................................................28
1.3.4 Tables and Lists .......................................................................................................................33
Chapter 2
Installation Setup Wizard...................................................................................................................36
2.1 Installation Setup Wizard Screens ...................................................................................................36
2.1.1 Internet Access Setup - WAN Interface ..................................................................................36
2.1.2 Internet Access: Ethernet .......................................................................................................37
2.1.3 Internet Access: PPPoE ..........................................................................................................38
2.1.4 Internet Access: PPTP ...........................................................................................................40
2.1.5 Internet Access Setup - Second WAN Interface ...................................................................... 41
2.1.6 Internet Access Succeed ........................................................................................................42
2.1.7 Wireless Settings: SSID & Security ........................................................................................42
2.1.8 Internet Access - Device Registration ....................................................................................43
Chapter 3
Hardware, Interfaces and Zones .......................................................................................................44
3.1 Hardware Overview ...........................................................................................................................44
3.1.1 Front Panels ............................................................................................................................44
3.1.2 Rear Panels .............................................................................................................................45
3.1.3 Wall-mounting ..........................................................................................................................46
3.2 Default Zones, Interfaces, and Ports .................................................................................................47
3.3 Stopping the USG ............................................................................................................................48
Chapter 4
Quick Setup Wizards..........................................................................................................................49
4.1 Quick Setup Overview .......................................................................................................................49
4.2 WAN Interface Quick Setup ..............................................................................................................50
4.2.1 Choose an Ethernet Interface ..................................................................................................50
4.2.2 Select WAN Type .....................................................................................................................51
4.2.3 Configure WAN IP Settings ..................................................................................................... 51
4.2.4 ISP and WAN and ISP Connection Settings ............................................................................ 52
4.2.5 Quick Setup Interface Wizard: Summary ................................................................................ 54
USG20(W)-VPN Series User’s Guide
2
4.3 VPN Setup Wizard ............................................................................................................................55
4.3.1 Welcome ..................................................................................................................................56
4.3.2 VPN Setup Wizard: Wizard Type .............................................................................................57
4.3.3 VPN Express Wizard - Scenario .............................................................................................57
4.3.4 VPN Express Wizard - Configuration ..................................................................................... 59
4.3.5 VPN Express Wizard - Summary ...........................................................................................59
4.3.6 VPN Express Wizard - Finish .................................................................................................60
4.3.7 VPN Advanced Wizard - Scenario .........................................................................................61
4.3.8 VPN Advanced Wizard - Phase 1 Settings .............................................................................62
4.3.9 VPN Advanced Wizard - Phase 2 ...........................................................................................64
4.3.10 VPN Advanced Wizard - Summary ......................................................................................65
4.3.11 VPN Advanced Wizard - Finish .............................................................................................65
4.4 VPN Settings for Configuration Provisioning Wizard: Wizard Type ..................................................66
4.4.1 Configuration Provisioning Express Wizard - VPN Settings ................................................... 67
4.4.2 Configuration Provisioning VPN Express Wizard - Configuration .......................................... 68
4.4.3 VPN Settings for Configuration Provisioning Express Wizard - Summary .............................69
4.4.4 VPN Settings for Configuration Provisioning Express Wizard - Finish ...................................70
4.4.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario ........................... 71
4.4.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings ..............72
4.4.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 ............................74
4.4.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary ..........................74
4.4.9 VPN Settings for Configuration Provisioning Advanced Wizard- Finish .................................76
4.5 VPN Settings for L2TP VPN Settings Wizard ...................................................................................77
4.5.1 L2TP VPN Settings ..................................................................................................................78
4.5.2 L2TP VPN Settings ..................................................................................................................79
4.5.3 VPN Settings for L2TP VPN Setting Wizard - Summary ........................................................80
4.5.4 VPN Settings for L2TP VPN Setting Wizard Completed ........................................................81
Chapter 5
Dashboard...........................................................................................................................................82
5.1 Overview ...........................................................................................................................................82
5.1.1 What You Can Do in this Chapter ............................................................................................82
5.2 Main Dashboard Screen ................................................................................................................... 82
5.2.1 Device Information Screen ......................................................................................................84
5.2.2 System Status Screen ............................................................................................................. 85
5.2.3 VPN Status Screen ..................................................................................................................86
5.2.4 DHCP Table Screen ................................................................................................................87
5.2.5 Number of Login Users Screen ...............................................................................................88
5.2.6 System Resources Screen ......................................................................................................89
5.2.7 CPU Usage Screen .................................................................................................................90
5.2.8 Memory Usage Screen ............................................................................................................91
5.2.9 Active Session Screen .............................................................................................................92
5.2.10 Extension Slot Screen ...........................................................................................................93
USG20(W)-VPN Series User’s Guide
3
5.2.11 Interface Status Summary Screen .........................................................................................93
5.2.12 Secured Service Status Screen .............................................................................................94
5.2.13 Content Filter Statistics Screen .............................................................................................95
5.2.14 Top 5 IPv4/IPv6 Security Policy Rules that Blocked Traffic Screen ....................................... 96
5.2.15 The Latest Alert Logs Screen ................................................................................................96
Part II: Technical Reference............................................................................98
Chapter 6
Monitor...............................................................................................................................................100
6.1 Overview .........................................................................................................................................100
6.1.1 What You Can Do in this Chapter ..........................................................................................100
6.2 The Port Statistics Screen ..............................................................................................................101
6.2.1 The Port Statistics Graph Screen .........................................................................................102
6.3 Interface Status Screen ...................................................................................................................103
6.4 The Traffic Statistics Screen ............................................................................................................105
6.5 The Session Monitor Screen ..........................................................................................................108
6.6 IGMP Statistics ................................................................................................................................109
6.7 The DDNS Status Screen ............................................................................................................... 110
6.8 IP/MAC Binding ............................................................................................................................... 111
6.9 The Login Users Screen ................................................................................................................ 111
6.10 Cellular Status Screen ................................................................................................................... 112
6.11 The UPnP Port Status Screen ...................................................................................................... 114
6.12 USB Storage Screen ..................................................................................................................... 115
6.13 Ethernet Neighbor Screen ............................................................................................................ 116
6.14 Wireless ....................................................................................................................................... 117
6.14.1 Wireless AP Information: Radio List .................................................................................... 117
6.14.2 Radio List More Information ................................................................................................ 119
6.14.3 Wireless Station Info ............................................................................................................120
6.14.4 Detected Device .................................................................................................................121
6.15 The IPSec Monitor Screen ............................................................................................................122
6.15.1 Regular Expressions in Searching IPSec SAs ....................................................................123
6.16 The SSL Screen ............................................................................................................................ 123
6.17 The L2TP over IPSec Session Monitor Screen ............................................................................. 124
6.18 The Content Filter Screen .............................................................................................................125
6.19 The Anti-Spam Screens ................................................................................................................127
6.19.1 Anti-Spam Report ................................................................................................................127
6.19.2 The Anti-Spam Status Screen .............................................................................................129
6.20 Log Screens .................................................................................................................................. 130
6.20.1 View Log ..............................................................................................................................130
USG20(W)-VPN Series User’s Guide
4
Chapter 7
Licensing...........................................................................................................................................133
7.1 Registration Overview .....................................................................................................................133
7.1.1 What you Need to Know ........................................................................................................133
7.1.2 Registration Screen ...............................................................................................................134
7.1.3 Service Screen ......................................................................................................................134
Chapter 8
Wireless.............................................................................................................................................136
8.1 Overview .........................................................................................................................................136
8.1.1 What You Can Do in this Chapter ..........................................................................................136
8.1.2 What You Need to Know ........................................................................................................136
8.2 AP Management Screen ................................................................................................................137
8.3 DCS Screen ...................................................................................................................................138
8.4 Technical Reference ........................................................................................................................138
8.4.1 Dynamic Channel Selection ..................................................................................................138
Chapter 9
Interfaces...........................................................................................................................................140
9.1 Interface Overview ..........................................................................................................................140
9.1.1 What You Can Do in this Chapter ..........................................................................................140
9.1.2 What You Need to Know ........................................................................................................141
9.1.3 What You Need to Do First ....................................................................................................145
9.2 Port Role Screen .............................................................................................................................145
9.3 Ethernet Summary Screen ..............................................................................................................146
9.3.1 Ethernet Edit .........................................................................................................................148
9.3.2 Object References .................................................................................................................163
9.3.3 Add/Edit DHCPv6 Request/Release Options ........................................................................164
9.3.4 Add/Edit DHCP Extended Options ........................................................................................165
9.4 PPP Interfaces ................................................................................................................................166
9.4.1 PPP Interface Summary ........................................................................................................ 167
9.4.2 PPP Interface Add or Edit .....................................................................................................168
9.5 Cellular Configuration Screen .........................................................................................................173
9.5.1 Cellular Choose Slot .............................................................................................................176
9.5.2 Add / Edit Cellular Configuration ........................................................................................... 176
9.6 Tunnel Interfaces ............................................................................................................................182
9.6.1 Configuring a Tunnel .............................................................................................................184
9.6.2 Tunnel Add or Edit Screen .....................................................................................................185
9.7 VLAN Interfaces .............................................................................................................................188
9.7.1 VLAN Summary Screen ........................................................................................................190
9.7.2 VLAN Add/Edit ......................................................................................................................192
9.8 Bridge Interfaces ............................................................................................................................ 201
9.8.1 Bridge Summary ....................................................................................................................203
USG20(W)-VPN Series User’s Guide
5
9.8.2 Bridge Add/Edit .....................................................................................................................204
9.9 Virtual Interfaces ............................................................................................................................ 213
9.9.1 Virtual Interfaces Add/Edit .....................................................................................................213
9.10 Interface Technical Reference .......................................................................................................215
9.11 Trunk Overview ............................................................................................................................ 218
9.11.1 What You Need to Know ......................................................................................................218
9.12 The Trunk Summary Screen .........................................................................................................221
9.12.1 Configuring a User-Defined Trunk .......................................................................................222
9.12.2 Configuring the System Default Trunk ................................................................................224
Chapter 10
Routing ..............................................................................................................................................226
10.1 Policy and Static Routes Overview ...............................................................................................226
10.1.1 What You Can Do in this Chapter ........................................................................................226
10.1.2 What You Need to Know .....................................................................................................227
10.2 Policy Route Screen ......................................................................................................................228
10.2.1 Policy Route Edit Screen .....................................................................................................230
10.3 IP Static Route Screen ..................................................................................................................235
10.3.1 Static Route Add/Edit Screen ..............................................................................................235
10.4 Policy Routing Technical Reference ..............................................................................................237
10.5 Routing Protocols Overview .........................................................................................................238
10.5.1 What You Need to Know ......................................................................................................238
10.6 The RIP Screen .............................................................................................................................238
10.7 The OSPF Screen ......................................................................................................................... 240
10.7.1 Configuring the OSPF Screen .............................................................................................243
10.7.2 OSPF Area Add/Edit Screen ..............................................................................................244
10.7.3 Virtual Link Add/Edit Screen ...............................................................................................246
10.8 Routing Protocol Technical Reference .......................................................................................... 247
Chapter 11
DDNS................................................................................................................................................249
11.1 DDNS Overview ............................................................................................................................249
11.1.1 What You Can Do in this Chapter ........................................................................................249
11.1.2 What You Need to Know ......................................................................................................249
11.2 The DDNS Screen .........................................................................................................................250
11.2.1 The Dynamic DNS Add/Edit Screen .................................................................................... 251
Chapter 12
NAT.....................................................................................................................................................255
12.1 NAT Overview ...............................................................................................................................255
12.1.1 What You Can Do in this Chapter ........................................................................................255
12.1.2 What You Need to Know ......................................................................................................255
12.2 The NAT Screen ............................................................................................................................255
USG20(W)-VPN Series User’s Guide
6
12.2.1 The NAT Add/Edit Screen ....................................................................................................257
12.3 NAT Technical Reference ..............................................................................................................260
Chapter 13
HTTP Redirect...................................................................................................................................262
13.1 Overview .......................................................................................................................................262
13.1.1 What You Can Do in this Chapter ........................................................................................262
13.1.2 What You Need to Know ......................................................................................................262
13.2 The HTTP Redirect Screen ...........................................................................................................263
13.2.1 The HTTP Redirect Edit Screen ..........................................................................................264
Chapter 14
ALG ....................................................................................................................................................266
14.1 ALG Overview ............................................................................................................................... 266
14.1.1 What You Need to Know ......................................................................................................266
14.1.2 Before You Begin .................................................................................................................269
14.2 The ALG Screen ...........................................................................................................................269
14.3 ALG Technical Reference .............................................................................................................271
Chapter 15
UPnP ..................................................................................................................................................273
15.1 UPnP and NAT-PMP Overview .....................................................................................................273
15.2 What You Need to Know ...............................................................................................................273
15.2.1 NAT Traversal ......................................................................................................................273
15.2.2 Cautions with UPnP and NAT-PMP .....................................................................................274
15.3 UPnP Screen ................................................................................................................................274
15.4 Technical Reference ...................................................................................................................... 275
15.4.1 Turning on UPnP in Windows 7 Example ............................................................................275
15.4.2 Using UPnP in Windows XP Example .................................................................................277
15.4.3 Web Configurator Easy Access ...........................................................................................279
Chapter 16
IP/MAC Binding.................................................................................................................................282
16.1 IP/MAC Binding Overview .............................................................................................................282
16.1.1 What You Can Do in this Chapter ........................................................................................282
16.1.2 What You Need to Know ......................................................................................................282
16.2 IP/MAC Binding Summary ............................................................................................................283
16.2.1 IP/MAC Binding Edit ............................................................................................................283
16.2.2 Static DHCP Edit .................................................................................................................284
16.3 IP/MAC Binding Exempt List .........................................................................................................285
Chapter 17
Layer 2 Isolation ...............................................................................................................................287
USG20(W)-VPN Series User’s Guide
7
17.1 Overview .......................................................................................................................................287
17.1.1 What You Can Do in this Chapter ........................................................................................287
17.2 Layer-2 Isolation General Screen ................................................................................................288
17.3 White List Screen ..........................................................................................................................288
17.3.1 Add/Edit White List Rule .....................................................................................................289
Chapter 18
Inbound Load Balancing..................................................................................................................291
18.1 Inbound Load Balancing Overview ...............................................................................................291
18.1.1 What You Can Do in this Chapter ........................................................................................291
18.2 The Inbound LB Screen ................................................................................................................ 292
18.2.1 The Inbound LB Add/Edit Screen ........................................................................................293
18.2.2 The Inbound LB Member Add/Edit Screen ..........................................................................295
Chapter 19
Web Authentication .........................................................................................................................297
19.1 Web Auth Overview ...................................................................................................................... 297
19.1.1 What You Can Do in this Chapter ........................................................................................297
19.1.2 What You Need to Know ......................................................................................................298
19.2 Web Authentication Screen ...........................................................................................................298
19.2.1 Creating Exceptional Services .............................................................................................301
19.2.2 Creating/Editing an Authentication Policy ............................................................................301
19.3 SSO Overview ............................................................................................................................... 302
19.4 SSO - USG Configuration .............................................................................................................304
19.4.1 Configuration Overview .......................................................................................................304
19.4.2 Configure the USG to Communicate with SSO ...................................................................304
19.4.3 Enable Web Authentication .................................................................................................305
19.4.4 Create a Security Policy ......................................................................................................306
19.4.5 Configure User Information .................................................................................................307
19.4.6 Configure an Authentication Method ...................................................................................308
19.4.7 Configure Active Directory ...................................................................................................309
19.5 SSO Agent Configuration ..............................................................................................................310
Chapter 20
Security Policy..................................................................................................................................314
20.1 Overview .......................................................................................................................................314
20.2 One Security .................................................................................................................................314
20.3 What You Can Do in this Chapter .................................................................................................318
20.3.1 What You Need to Know ......................................................................................................318
20.4 The Security Policy Screen ...........................................................................................................320
20.4.1 Configuring the Security Policy Control Screen ...................................................................321
20.4.2 The Security Policy Control Add/Edit Screen ......................................................................324
20.5 The Session Control Screen .........................................................................................................326
USG20(W)-VPN Series User’s Guide
8
20.5.1 The Session Control Add/Edit Screen .................................................................................328
20.6 Security Policy Example Applications ...........................................................................................329
Chapter 21
IPSec VPN..........................................................................................................................................332
21.1 Virtual Private Networks (VPN) Overview .....................................................................................332
21.1.1 What You Can Do in this Chapter ........................................................................................334
21.1.2 What You Need to Know ......................................................................................................335
21.1.3 Before You Begin .................................................................................................................336
21.2 The VPN Connection Screen ........................................................................................................337
21.2.1 The VPN Connection Add/Edit (IKE) Screen .......................................................................338
21.3 The VPN Gateway Screen ............................................................................................................344
21.3.1 The VPN Gateway Add/Edit Screen ....................................................................................346
21.4 VPN Concentrator ........................................................................................................................353
21.4.1 VPN Concentrator Requirements and Suggestions ............................................................353
21.4.2 VPN Concentrator Screen ...................................................................................................354
21.4.3 The VPN Concentrator Add/Edit Screen .............................................................................354
21.5 USG IPSec VPN Client Configuration Provisioning ......................................................................355
21.6 IPSec VPN Background Information .............................................................................................357
Chapter 22
SSL VPN ............................................................................................................................................367
22.1 Overview .......................................................................................................................................367
22.1.1 What You Can Do in this Chapter ........................................................................................367
22.1.2 What You Need to Know ......................................................................................................367
22.2 The SSL Access Privilege Screen ................................................................................................368
22.2.1 The SSL Access Privilege Policy Add/Edit Screen .............................................................369
22.3 The SSL Global Setting Screen ....................................................................................................372
22.3.1 How to Upload a Custom Logo ............................................................................................373
22.4 USG SecuExtender .......................................................................................................................374
22.4.1 Example: Configure USG for SecuExtender .......................................................................375
Chapter 23
SSL User Screens.............................................................................................................................378
23.1 Overview .......................................................................................................................................378
23.1.1 What You Need to Know ......................................................................................................378
23.2 Remote SSL User Login ...............................................................................................................379
23.3 The SSL VPN User Screens .........................................................................................................382
23.4 Bookmarking the USG ..................................................................................................................383
23.5 Logging Out of the SSL VPN User Screens .................................................................................. 384
23.6 SSL User Application Screen ........................................................................................................384
23.7 SSL User File Sharing ...................................................................................................................385
23.7.1 The Main File Sharing Screen ............................................................................................. 385
USG20(W)-VPN Series User’s Guide
9
23.7.2 Opening a File or Folder ......................................................................................................386
23.7.3 Downloading a File ..............................................................................................................387
23.7.4 Saving a File ........................................................................................................................387
23.7.5 Creating a New Folder .........................................................................................................388
23.7.6 Renaming a File or Folder ...................................................................................................388
23.7.7 Deleting a File or Folder ......................................................................................................389
23.7.8 Uploading a File ...................................................................................................................389
Chapter 24
USG SecuExtender (Windows)........................................................................................................391
24.1 The USG SecuExtender Icon ........................................................................................................391
24.2 Status ............................................................................................................................................ 391
24.3 View Log .......................................................................................................................................392
24.4 Suspend and Resume the Connection .........................................................................................393
24.5 Stop the Connection ......................................................................................................................393
24.6 Uninstalling the USG SecuExtender .............................................................................................393
Chapter 25
L2TP VPN...........................................................................................................................................395
25.1 Overview .......................................................................................................................................395
25.1.1 What You Can Do in this Chapter ........................................................................................395
25.1.2 What You Need to Know ......................................................................................................395
25.2 L2TP VPN Screen ......................................................................................................................... 396
25.2.1 Example: L2TP and USG Behind a NAT Router .................................................................398
Chapter 26
BWM (Bandwidth Management) ...................................................................................................400
26.1 Overview .......................................................................................................................................400
26.1.1 What You Can Do in this Chapter ........................................................................................400
26.1.2 What You Need to Know .....................................................................................................400
26.2 The Bandwidth Management Screen ............................................................................................404
26.2.1 The Bandwidth Management Add/Edit Screen ....................................................................406
Chapter 27
Content Filtering...............................................................................................................................415
27.1 Overview .......................................................................................................................................415
27.1.1 What You Can Do in this Chapter ........................................................................................415
27.1.2 What You Need to Know ......................................................................................................415
27.1.3 Before You Begin .................................................................................................................416
27.2 Content Filter Profile Screen .........................................................................................................417
27.3 Content Filter Profile Add or Edit Screen ......................................................................................419
27.3.1 Content Filter Add Profile Category Service ........................................................................420
27.3.2 Content Filter Add Filter Profile Custom Service ................................................................427
USG20(W)-VPN Series User’s Guide
10
27.4 Content Filter Trusted Web Sites Screen .....................................................................................430
27.5 Content Filter Forbidden Web Sites Screen .................................................................................431
27.6 Content Filter Technical Reference ...............................................................................................432
Chapter 28
Anti-Spam..........................................................................................................................................434
28.1 Overview .......................................................................................................................................434
28.1.1 What You Can Do in this Chapter ........................................................................................434
28.1.2 What You Need to Know ......................................................................................................434
28.2 Before You Begin ..........................................................................................................................435
28.3 The Anti-Spam Profile Screen .......................................................................................................436
28.3.1 The Anti-Spam Profile Add or Edit Screen ..........................................................................437
28.4 The Mail Scan Screen ...................................................................................................................439
28.5 The Anti-Spam Black List Screen ..................................................................................................441
28.5.1 The Anti-Spam Black or White List Add/Edit Screen ...........................................................443
28.5.2 Regular Expressions in Black or White List Entries .............................................................444
28.6 The Anti-Spam White List Screen .................................................................................................444
28.7 The DNSBL Screen .......................................................................................................................446
28.8 Anti-Spam Technical Reference ....................................................................................................448
Chapter 29
Object.................................................................................................................................................452
29.1 Zones Overview ............................................................................................................................452
29.1.1 What You Need to Know ......................................................................................................452
29.1.2 The Zone Screen .................................................................................................................453
29.2 User/Group Overview ....................................................................................................................454
29.2.1 What You Need To Know .....................................................................................................455
29.2.2 User/Group User Summary Screen .....................................................................................457
29.2.3 User/Group Group Summary Screen ..................................................................................460
29.2.4 User/Group Setting Screen ................................................................................................461
29.2.5 User/Group MAC Address Summary Screen .....................................................................466
29.2.6 User /Group Technical Reference .......................................................................................467
29.3 AP Profile Overview ......................................................................................................................468
29.3.1 Radio Screen .......................................................................................................................469
29.3.2 SSID Screen .......................................................................................................................475
29.4 MON Profile ..................................................................................................................................484
29.4.1 Overview .............................................................................................................................. 484
29.4.2 MON Profile .........................................................................................................................484
29.5 Address Overview ......................................................................................................................... 487
29.5.1 What You Need To Know .....................................................................................................487
29.5.2 Address Summary Screen ...................................................................................................487
29.6 Service Overview ..........................................................................................................................491
29.6.1 What You Need to Know ......................................................................................................492
USG20(W)-VPN Series User’s Guide
11
29.6.2 The Service Summary Screen .............................................................................................492
29.6.3 The Service Group Summary Screen .................................................................................494
29.7 Schedule Overview ......................................................................................................................496
29.7.1 What You Need to Know ......................................................................................................496
29.7.2 The Schedule Summary Screen ..........................................................................................497
29.7.3 The Schedule Group Screen ...............................................................................................500
29.8 AAA Server Overview .................................................................................................................501
29.8.1 Directory Service (AD/LDAP) ..............................................................................................502
29.8.2 RADIUS Server ...................................................................................................................502
29.8.3 ASAS ...................................................................................................................................502
29.8.4 What You Need To Know .....................................................................................................503
29.8.5 Active Directory or LDAP Server Summary ......................................................................... 504
29.8.6 RADIUS Server Summary ...................................................................................................508
29.9 Auth. Method Overview ...............................................................................................................510
29.9.1 Before You Begin .................................................................................................................510
29.9.2 Example: Selecting a VPN Authentication Method ..............................................................510
29.9.3 Authentication Method Objects ............................................................................................511
29.10 Certificate Overview ...................................................................................................................513
29.10.1 What You Need to Know ....................................................................................................513
29.10.2 Verifying a Certificate .........................................................................................................515
29.10.3 The My Certificates Screen ...............................................................................................516
29.10.4 The Trusted Certificates Screen .......................................................................................523
29.10.5 Certificates Technical Reference .......................................................................................528
29.11 ISP Account Overview ................................................................................................................528
29.11.1 ISP Account Summary .......................................................................................................528
29.12 SSL Application Overview .......................................................................................................... 531
29.12.1 What You Need to Know ....................................................................................................531
29.12.2 The SSL Application Screen ..............................................................................................533
Chapter 30
System...............................................................................................................................................537
30.1 Overview .......................................................................................................................................537
30.1.1 What You Can Do in this Chapter ........................................................................................537
30.2 Host Name ....................................................................................................................................538
30.3 USB Storage .................................................................................................................................538
30.4 Date and Time ...............................................................................................................................539
30.4.1 Pre-defined NTP Time Servers List .....................................................................................542
30.4.2 Time Server Synchronization ...............................................................................................542
30.5 Console Port Speed ......................................................................................................................543
30.6 DNS Overview ............................................................................................................................... 544
30.6.1 DNS Server Address Assignment .......................................................................................544
30.6.2 Configuring the DNS Screen ...............................................................................................544
30.6.3 Address Record ..................................................................................................................547
USG20(W)-VPN Series User’s Guide
12
30.6.4 PTR Record .........................................................................................................................548
30.6.5 Adding an Address/PTR Record ......................................................................................... 548
30.6.6 CNAME Record ...................................................................................................................548
30.6.7 Adding a CNAME Record ....................................................................................................549
30.6.8 Domain Zone Forwarder .....................................................................................................549
30.6.9 Adding a Domain Zone Forwarder ......................................................................................549
30.6.10 MX Record ........................................................................................................................550
30.6.11 Adding a MX Record ..........................................................................................................551
30.6.12 Security Option Control .....................................................................................................551
30.6.13 Editing a Security Option Control ......................................................................................551
30.6.14 Adding a DNS Service Control Rule ..................................................................................552
30.7 WWW Overview ............................................................................................................................ 553
30.7.1 Service Access Limitations ..................................................................................................553
30.7.2 System Timeout ...................................................................................................................554
30.7.3 HTTPS .................................................................................................................................554
30.7.4 Configuring WWW Service Control .....................................................................................555
30.7.5 Service Control Rules ..........................................................................................................558
30.7.6 Customizing the WWW Login Page .................................................................................... 559
30.7.7 HTTPS Example ..................................................................................................................562
30.8 SSH ............................................................................................................................................569
30.8.1 How SSH Works ..................................................................................................................570
30.8.2 SSH Implementation on the USG ........................................................................................ 571
30.8.3 Requirements for Using SSH ...............................................................................................571
30.8.4 Configuring SSH ..................................................................................................................571
30.8.5 Secure Telnet Using SSH Examples ...................................................................................572
30.9 Telnet ............................................................................................................................................573
30.9.1 Configuring Telnet ................................................................................................................573
30.10 FTP ............................................................................................................................................575
30.10.1 Configuring FTP ................................................................................................................575
1 SNMP ......................................................................................................................................... 576
30.1
30.11.1 SNMPv3 and Security ........................................................................................................577
30.11.2 Supported MIBs .................................................................................................................577
30.11.3 SNMP Traps ......................................................................................................................577
30.11.4 Configuring SNMP .............................................................................................................578
30.12 Authentication Server ..................................................................................................................580
30.12.1 Add/Edit Trusted RADIUS Client ......................................................................................581
30.13 CloudCNM Screen ......................................................................................................................582
30.14 Language Screen ........................................................................................................................ 585
30.15 IPv6 Screen .................................................................................................................................585
30.16 ZyXEL One Network (ZON) Utility ..............................................................................................586
30.16.1 ZyXEL One Network (ZON) System Screen .....................................................................587
Chapter 31
Log and Report .................................................................................................................................589
USG20(W)-VPN Series User’s Guide
13
31.1 Overview .......................................................................................................................................589
31.1.1 What You Can Do In this Chapter ........................................................................................589
31.2 Email Daily Report ........................................................................................................................ 589
31.3 Log Setting Screens .....................................................................................................................591
31.3.1 Log Settings .........................................................................................................................592
31.3.2 Edit System Log Settings ...................................................................................................593
31.3.3 Edit Log on USB Storage Setting .......................................................................................596
31.3.4 Edit Remote Server Log Settings .......................................................................................598
31.3.5 Log Category Settings Screen .............................................................................................600
Chapter 32
File Manager......................................................................................................................................604
32.1 Overview .......................................................................................................................................604
32.1.1 What You Can Do in this Chapter ........................................................................................604
32.1.2 What you Need to Know ......................................................................................................604
32.2 The Configuration File Screen ......................................................................................................606
32.3 The Firmware Package Screen ....................................................................................................610
32.4 The Shell Script Screen ............................................................................................................... 612
Chapter 33
Diagnostics ......................................................................................................................................615
33.1 Overview .......................................................................................................................................615
33.1.1 What You Can Do in this Chapter ........................................................................................615
33.2 The Diagnostic Screen .................................................................................................................. 615
33.2.1 The Diagnostics Files Screen ..............................................................................................616
33.3 The Packet Capture Screen ..........................................................................................................617
33.3.1 The Packet Capture Files Screen ........................................................................................620
33.4 The Core Dump Screen ................................................................................................................620
33.4.1 The Core Dump Files Screen .............................................................................................621
33.5 The System Log Screen ................................................................................................................622
33.6 The Network Tool Screen ..............................................................................................................622
33.7 The Wireless Frame Capture Screen ...........................................................................................623
33.7.1 The Wireless Frame Capture Files Screen ........................................................................625
Chapter 34
Packet Flow Explore ........................................................................................................................627
34.1 Overview .......................................................................................................................................627
34.1.1 What You Can Do in this Chapter ........................................................................................627
34.2 The Routing Status Screen ...........................................................................................................627
34.3 The SNAT Status Screen ..............................................................................................................632
Chapter 35
Shutdown...........................................................................................................................................635
USG20(W)-VPN Series User’s Guide
14
35.1 Overview .......................................................................................................................................635
35.1.1 What You Need To Know .....................................................................................................635
35.2 The Shutdown Screen ...................................................................................................................635
Chapter 36
Troubleshooting................................................................................................................................636
36.1 Resetting the USG ........................................................................................................................644
36.2 Getting More Troubleshooting Help ..............................................................................................645
Appendix A Customer Support ........................................................................................................646
Appendix B Legal Information..........................................................................................................652
Appendix C Product Features..........................................................................................................661
Index ..................................................................................................................................................665
USG20(W)-VPN Series User’s Guide
15
PART I
User’s Guide
16
17
1.1 Overview
“USG” in this User’s Guide refers to all USG models in the series. Table 1 USG Models
USG20-VPN USG20W-VPN
USG20W-VPN has built-in Wi-Fi functionality
•See Table 12 on page 47 for default port / interface name mapping. See Table 13 on page 48 for default interface / zone mapping.
See the product’s datasheet for detailed information on a specific model.
CHAPTER 1
Introduction
1.1.1 Applications
These are some USG application scenarios.
Security Router
Security includes a Stateful Packet Inspection (SPI) firewall, Content Filtering (CF) and Anti-Spam (AS).
Figure 1 Applications: Security RouterApplications: Security Router
USG20(W)-VPN Series User’s Guide
18
Chapter 1 Introduction
OTP PIN
SafeWord 2008 Authentication Server
File
Email
Web-based
Server
Server
Application
*****
IPv6 Routing
The USG supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The USG can also route IPv6 packets through IPv4 networks using different tunneling methods.
Figure 2 Applications: IPv6 Routing
VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. You can also purchase the USG OTPv2 One-Time Password System for strong two-factor authentication for Web Configurator, Web access, SSL VPN, and ZyXEL IPSec VPN client user logins.
Figure 3 Applications: VPN Connectivity
SSL VPN Network Access
SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just browses to the USG’s web address and enters his user name and password to securely connect to the USG’s network. Here full tunnel mode creates a virtual connection for a remote user and gives him a private IP address in the same subnet as the local network so he can access network resources in the same way as if he were part of the internal network.
USG20(W)-VPN Series User’s Guide
19
Chapter 1 Introduction
Web Mail File Share
Web-based Application
https://
Application Server
Non-Web
LAN (192.168.1.X)
A
B
C
Figure 4 SSL VPN With Full Tunnel Mode
User-Aware Access Control
Set up security policies to restrict access to sensitive information and shared resources based on the user who is trying to access it. In the following figure user A can access both the Internet and an internal file server. User B has a lower level of access and can only access the Internet. User C is not even logged in, so and cannot access either the Internet or the file server.
Figure 5 Applications: User-Aware Access Control
Load Balancing
Set up multiple connections to the Internet on the same port, or different ports, including cellular interfaces. In either case, you can balance the traffic loads between them.
Figure 6 Applications: Multiple WAN Interfaces
1.2 Management Overview
You can manage the USG in the following ways.
USG20(W)-VPN Series User’s Guide
20
Chapter 1 Introduction
Web Configurator
The Web Configurator allows easy USG setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator.
Figure 7 Managing the USG: Web Configurator
Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the USG. Access it using remote management (for example, SSH or Telnet) or via the physical or Web Configurator console port. See the Command Reference Guide for CLI details. The default settings for the console port are:
T
able 2 Console Port Default Settings
SETTING VALUE
Speed 115200 bps Data Bits 8 Parity None Stop Bit 1 Flow Control Off
FTP
Use File Transfer Protocol for firmware upgrades and configuration backup/restore.
SNMP
The device can be monitored and/or managed by an SNMP manager. See Section 30.11 on page
576.
USG20(W)-VPN Series User’s Guide
21
Cloud CNM
Use the CloudCNM screen (see Section 30.13 on page 582) to enable and configure management of the USG by a Central Network Management system.
1.3 Web Configurator
In order to use the Web Configurator, you must:
• Use one of the following web browser versions or later: Internet Explorer 7, Firefox 3.5, Chrome
9.0
• Allow pop-up windows (blocked by default in Windows XP Service Pack 2)
• Enable JavaScripts, Java permissions, and cookies
The recommended screen resolution is 1024 x 768 pixels.
1.3.1 Web Configurator Access
Chapter 1 Introduction
1 Make sure your USG hardware is properly connected. See the Quick Start Guide.
2 In your browser go to http://192.168.1.1. By default, the USG automatically routes this request to
its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
3 Type the user name (default: “admin”) and password (default: “1234”).
If you have a OTP (One-Time Password) token generate a number and enter it in the One-Time Password field. The number is only good for one login. You must use the token to generate a new number the next time you log in.
4 Click Login. If you logged in using the default user name and password, the Update Admin Info
screen appears. Otherwise, the dashboard appears.
USG20(W)-VPN Series User’s Guide
22
Chapter 1 Introduction
5 The Network Risk Warning screen displays any unregistered or disabled security services. Select
how often to display the screen and click OK.
If you select Never and you later want to bring this screen back, use these commands (note the space before the underscore).
Router> enable Router# Router# configure terminal Router(config)# Router(config)# service-register _setremind after-10-days after-180-days after-30-days every-time never Router(config)# service-register _setremind every-time Router(config)#
See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands.
USG20(W)-VPN Series User’s Guide
23
Chapter 1 Introduction
A
C
B
6 Follow the directions in the Update Admin Info screen. If you change the default password, the
Login screen appears after you click Apply. If you click Ignore, the Installation Setup Wizard opens if the USG is using its default configuration; otherwise the dashboard appears.
1.3.2 Web Configurator Screens Overview
The Web Configurator screen is divided into these parts (as illustrated on page 24):
A - title bar
B - navigation panel
C - main window
Title Bar
Figure 8 Title Bar
USG20(W)-VPN Series User’s Guide
24
Chapter 1 Introduction
The title bar icons in the upper right corner provide the following functions.
Table 3 Title Bar: Web Configurator Icons
LABEL DESCRIPTION
Logout Click this to log out of the Web Configurator. Help Click this to open the help page for the current screen. About Click this to display basic information about the USG. Site Map Click this to see an overview of links to the Web Configurator screens. Object Reference Click this to check which configuration items reference an object. Console Click this to open a Java-based console window from which you can run command line
CLI Click this to open a popup window that displays the CLI commands sent by the Web
interface (CLI) commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands.
Configurator to the USG.
About
Click About to display basic information about the USG.
Figure 9 About
Table 4 About
LABEL DESCRIPTION
Current Version This shows the firmware version of the USG. Released Date This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released. OK Click this to close the screen.
Site Map
Click Site MAP to see an overview of links to the Web Configurator screens. Click a screen’s link to go to that screen.
USG20(W)-VPN Series User’s Guide
25
Figure 10 Site Map
Object Reference
Chapter 1 Introduction
Click Object Reference to open the Object Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object.
Figure 11 Object Reference
The fields vary with the type of object. This table describes labels that can appear in this screen.
Table 5 Object References
LABEL DESCRIPTION
Object Name This identifies the object for which the configuration settings that use it are displayed. Click the
# This field is a sequential value, and it is not associated with any entry. Service This is the type of setting that references the selected object. Click a service’s name to display
object’s name to display the object’s configuration screen in the main window.
the service’s configuration screen in the main window.
USG20(W)-VPN Series User’s Guide
26
Chapter 1 Introduction
Table 5 Object References (continued)
LABEL DESCRIPTION
Priority If it is applicable, this field lists the referencing configuration item’s position in its list,
Name This field identifies the configuration item that references the object. Description If the referencing configuration item has a description configured, it displays here. Refresh Click this to update the information in this screen. Cancel Click Cancel to close the screen.
otherwise N/A displays.
Console
Click Console to open a Java-based console window from which you can run CLI commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands.
Figure 12 Console Window
CLI Messages
Click CLI to look at the CLI commands sent by the Web Configurator. Open the pop-up window and then click some menus in the web configurator to display the corresponding commands.
USG20(W)-VPN Series User’s Guide
27
Figure 13 CLI Messages
1.3.3 Navigation Panel
Use the navigation panel menu items to open status and configuration screens. Click the arrow in the middle of the right edge of the navigation panel to hide the panel or drag to resize it. The following sections introduce the USG’s navigation panel menus and their screens.
Figure 14 Navigation Panel
Chapter 1 Introduction
Dashboard
The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. See the Web Help for details on the dashboard.
USG20(W)-VPN Series User’s Guide
28
Chapter 1 Introduction
Monitor Menu
The monitor menu screens display status and statistics information.
Table 6 Monitor Menu Screens Summary
FOLDER OR LINK TAB FUNCTION
System Status
Port Statistics Port
Interface Status
Traffic Statistics
Session Monitor
IGMP Statistics IGMP
DDNS Status DDNS
IP/MAC Binding IP/MAC
Login Users Login Users Lists the users currently logged into the USG. Cellular Status Cellular
UPnP Port Status
USB Storage Storage
Ethernet Neighbor
Wireless
AP Information WLAN
DCS Configure dynamic wireless channel selection.
VPN Monitor
IPSec IPSec Displays and manages the active IPSec SAs. SSL SSL Lists users currently logged into the VPN SSL client portal. You can also
L2TP over IPSec
UTM Statistics
Content Filter Report Collect and display content filter statistics Anti-Spam Report Collect and display spam statistics.
Log View Log Lists log entries.
Statistics Interface
Summary Tra ffic
Statistics Session
Monitor
Statistics
Status
Binding
Status Port
Statistics
Information Ethernet
Neighbor
Setting
Session Monitor
Status Displays how many mail sessions the USG is currently checking and
View AP Log Lists AP log entries.
Displays packet statistics for each physical port.
Displays general interface information and packet statistics.
Collect and display traffic statistics.
Displays the status of all current sessions.
Collect and display IGMP statistics.
Displays the status of the USG’s DDNS domain names.
Lists the devices that have received an IP address from USG interfaces using IP/MAC binding.
Displays details about the USG’s mobile broadband connection status.
Displays details about UPnP connections going through the USG.
Displays details about USB device connected to the USG.
View and manage the USG’s neighboring devices via Smart Connect (Layer Link Discovery Protocol (LLDP)). Use the ZyXEL One Network (ZON) utility to view and manage the USG’s neighboring devices via the ZyXEL Discovery Protocol (ZDP).
Edit wireless AP information, remove APs, and reboot them.
log out individual users and delete related session information. Displays details about current L2TP sessions.
DNSBL (Domain Name Service-based spam Black List) statistics.
USG20(W)-VPN Series User’s Guide
29
Chapter 1 Introduction
Configuration Menu
Use the configuration menu screens to configure the USG’s features.
Table 7 Configuration Menu Screens Summary
FOLDER OR LINK TAB FUNCTION
Quick Setup Quickly configure WAN interfaces or VPN connections. Licensing
Registration Registration Register the device and activate trial services.
Service View the licensed service status and upgrade licensed services. Wireless AP Management WLAN Setting Configuration the USG’s general wireless settings.
DCS Configure dynamic wireless channel selection.
Network
Interface Port Role Use this screen to set the USG’s flexible ports such as LAN, OPT,
Ethernet Manage Ethernet interfaces and virtual Ethernet interfaces.
PPP Create and manage PPPoE and PPTP interfaces.
Cellular Configure a cellular Internet connection for an installed mobile
Tunnel Configure tunneling between IPv4 and IPv6 networks.
VLAN Create and manage VLAN interfaces and virtual VLAN interfaces.
Bridge Create and manage bridges and virtual bridge interfaces.
Trun k Create and manage trunks (groups of interfaces) for load
Routing Policy Route Create and manage routing policies.
Static Route Create and manage IP static routing information.
RIP Configure device-level RIP settings.
OSPF Configure device-level OSPF settings, including areas and virtual
DDNS DDNS Define and manage the USG’s DDNS domain names. NAT NAT Set up and manage port forwarding rules. HTTP Redirect HTTP Redirect Set up and manage HTTP redirection rules. ALG ALG Configure SIP, H.323, and FTP pass-through settings. UPnP UPnP Configure interfaces that allow UPnP and NAT-PMP connections. IP/MAC
Binding
Layer 2 Isolation
DNS Inbound LBDNS Load
Web Authentication
Security Policy
Summary Configure IP to MAC address bindings for devices connected to
Exempt List Configure ranges of IP addresses to which the USG does not apply
General Enable layer-2 isolation on the USG and the internal interface(s).
White List Enable and configure the white list.
Balancing
Web Authentication Define a web portal and exempt services from authentication.
SSO Configure the USG to work with a Single Sign On agent.
WLAN, or DMZ.
broadband card.
balancing.
links.
each supported interface.
IP/MAC binding.
Configure DNS Load Balancing.
USG20(W)-VPN Series User’s Guide
30
Loading...
+ 109 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use