ZyWALL USG 300
Unified Security Gateway
Default Login Details
LAN Port: P1
IP Address: https://192.168.1.1
User Name: admin
Password: 1234
www.zyxel.com
Version 2.20
Edition 1, 3/2010
Copyright © 2010
ZyXEL Communications Corporation
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL
using the Web Configurator.
How To Use This Guide
• Read Chapter 1 on page 33 for an overview of features available on the
ZyWALL.
• Read Chapter 3 on page 47 for web browser requirements and an introduction
to the main components, icons and menus in the ZyWALL Web Configurator.
• Read Chapter 4 on page 63 if you’re using the installation wizard for first time
setup and you want more detailed information than what the real time online
help provides.
• Read Chapter 5 on page 73 if you’re using the quick setup wizards and you want
more detailed information than what the real time online help provides.
• It is highly recommended you read Chapter 6 on page 91 for detailed
information on essential terms used in the ZyWALL, what prerequisites are
needed to configure a feature and how to use that feature.
• It is highly recommended you read Chapter 7 on page 115 for ZyWALL
application examples.
• Subsequent chapters are arranged by menu item as defined in the Web
Configurator. Read each chapter carefully for detailed information on that menu
item.
• To find specific information in this guide, use the Contents Overview, the
Table of Contents, the Index, or search the PDF file. E-mail
techwriters@zyxel.com.tw if you cannot find the information you require.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to show you how to make the ZyWALL
hardware connections and access the Web Configurator wizards. (See the
wizard real time help for information on configuring each screen.) It also
contains a connection diagram and package contents list.
• CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI)
to configure the ZyWALL.
Note: It is recommended you use the Web Configurator to configure the ZyWALL.
• Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and
supplementary information.
Documentation Feedback
Send your comments, questions or suggestions to: techwriters@zyxel.com.tw
Thank you!
The Technical Writing Team, ZyXEL Communications Corp.,
6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan.
Need More Help?
More help is available at www.zyxel.com.
• Download Library
Search for the latest product updates and documentation from this link. Read
the Tech Doc Overview to find out how to efficiently use the User Guide, Quick
Start Guide and Command Line Interface Reference Guide in order to better
understand how to use your product.
• Knowledge Base
If you have a specific question about your product, the answer may be here.
This is a collection of answers to previously asked questions about ZyXEL
products.
• Forum
This contains discussions on ZyXEL products. Learn from others who use ZyXEL
products and share your experiences as well.
Customer Support
Should problems arise that cannot be solved by the methods listed above, you
should contact your vendor. If you cannot contact your vendor, then contact a
ZyXEL office for the region in which you bought the device.
See http://www.zyxel.com/web/contact_us.php for contact information. Please
have the following information ready when you contact an office.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Disclaimer
Graphics in this book may differ slightly from the product due to differences in
operating systems, operating system versions, or if you installed updated
firmware/software for your device. Every effort has been made to ensure that the
information in this manual is accurate.
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL may be referred to as the “ZyWALL”, the “device”, the “system” or
the “product” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example,
[ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the
[ENTER] key. “Select” or “choose” means for you to use one of the predefined
choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For
example, Maintenance > Log > Log Setting means you first click
Maintenance in the navigation panel, then the Log sub menu and finally the
Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value.
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may
denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other
words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon
is not an exact representation of your device.
[Figure: icons for ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router]
Safety Warnings
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right
supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power
source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN
INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Dispose them at the applicable collection point for the recycling of electrical and
electronic equipment. For detailed information about recycling of this product, please
contact your local city office, your household waste disposal service or the store where
you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
Your product is marked with this symbol, which is known as the WEEE mark. WEEE
stands for Waste Electronics and Electrical Equipment. It means that used electrical
and electronic products should not be mixed with general waste. Used electrical and
electronic equipment should be treated separately.
Contents Overview
User’s Guide
Introducing the ZyWALL
Features and Applications
Web Configurator
Installation Setup Wizard
Quick Setup
Configuration Basics
Tutorials
L2TP VPN Example
Technical Reference
Dashboard
Monitor
Registration
Signature Update
Interfaces
Trunks
Policy and Static Routes
Routing Protocols
Zones
DDNS
NAT
HTTP Redirect
ALG
IP/MAC Binding
Authentication Policy
Firewall
IPSec VPN
SSL VPN
SSL User Screens
SSL User Application Screens
SSL User File Sharing
ZyWALL SecuExtender
L2TP VPN
Application Patrol
Anti-Virus
IDP
ADP
Content Filtering
Content Filter Reports
Anti-Spam
Device HA
User/Group
Addresses
Services
Schedules
AAA Server
Authentication Method
Certificates
ISP Accounts
SSL Application
Endpoint Security
System
Log and Report
File Manager
Diagnostics
Reboot
Shutdown
Troubleshooting
Product Specifications
Table of Contents
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
Part I: User’s Guide
Chapter 1
Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Rack-mounted Installation
1.2.1 Rack-Mounted Installation Procedure
1.3 Front Panel
1.3.1 Front Panel LEDs
1.4 Management Overview
1.5 Starting and Stopping the ZyWALL
Chapter 2
Features and Applications
2.1 Features
2.2 Applications
2.2.1 VPN Connectivity
2.2.2 SSL VPN Network Access
2.2.3 User-Aware Access Control
2.2.4 Multiple WAN Interfaces
2.2.5 Device HA
Chapter 3
Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Screens Overview
3.3.1 Title Bar
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Tables and Lists
Chapter 4
Installation Setup Wizard
4.1 Installation Setup Wizard Screens
4.1.1 Internet Access Setup - WAN Interface
4.1.2 Internet Access: Ethernet
4.1.3 Internet Access: PPPoE
4.1.4 Internet Access: PPTP
4.1.5 ISP Parameters
4.1.6 Internet Access Setup - Second WAN Interface
4.1.7 Internet Access - Finish
4.2 Device Registration
Chapter 5
Quick Setup
5.1 Quick Setup Overview
5.2 WAN Interface Quick Setup
5.2.1 Choose an Ethernet Interface
5.2.2 Select WAN Type
5.2.3 Configure WAN Settings
5.2.4 WAN and ISP Connection Settings
5.2.5 Quick Setup Interface Wizard: Summary
5.3 VPN Quick Setup
5.4 VPN Setup Wizard: Wizard Type
5.5 VPN Express Wizard - Scenario
5.5.1 VPN Express Wizard - Configuration
5.5.2 VPN Express Wizard - Summary
5.5.3 VPN Express Wizard - Finish
5.5.4 VPN Advanced Wizard - Scenario
5.5.5 VPN Advanced Wizard - Phase 1 Settings
5.5.6 VPN Advanced Wizard - Phase 2
5.5.7 VPN Advanced Wizard - Summary
5.5.8 VPN Advanced Wizard - Finish
Chapter 6
Configuration Basics
6.1 Object-based Configuration
6.2 Zones, Interfaces, and Physical Ports
6.2.1 Interface Types
6.2.2 Default Interface and Zone Configuration
6.3 Terminology in the ZyWALL
6.4 Packet Flow
6.4.1 ZLD 2.20 Packet Flow Enhancements
6.4.2 Routing Table Checking Flow Enhancements
6.4.3 NAT Table Checking Flow
6.5 Feature Configuration Overview
6.5.1 Feature
6.5.2 Licensing Registration
6.5.3 Licensing Update
6.5.4 Interface
6.5.5 Trunks
6.5.6 Policy Routes
6.5.7 Static Routes
6.5.8 Zones
6.5.9 DDNS
6.5.10 NAT
6.5.11 HTTP Redirect
6.5.12 ALG
6.5.13 Auth. Policy
6.5.14 Firewall
6.5.15 IPSec VPN
6.5.16 SSL VPN
6.5.17 L2TP VPN
6.5.18 Application Patrol
6.5.19 Anti-Virus
6.5.20 IDP
6.5.21 ADP
6.5.22 Content Filter
6.5.23 Anti-Spam
6.5.24 Device HA
6.6 Objects
6.6.1 User/Group
6.7 System
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM
6.7.2 Logs and Reports
6.7.3 File Manager
6.7.4 Diagnostics
6.7.5 Shutdown
Chapter 7
Tutorials
7.1 How to Configure Interfaces, Port Grouping, and Zones
7.1.1 Configure a WAN Ethernet Interface
7.1.2 Configure Zones ........................... .... ... ... ... ................................................................116
7.1.3 Configure Port Grouping ...........................................................................................117
7.2 How to Configure a Cellular Interface . ... ................................................. ... ... ......................118
7.3 How to Configure Load Balancing ..................................................................................... 120
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces ................................................ 121
7.3.2 Configure the WAN Trunk ........................................................................................ 122
7.4 How to Set Up a Wireless LAN .......................................................................................... 123
7.4.1 Set Up User Accounts .............................................................................................. 123
7.4.2 Create the WLAN Interface ....... ... .... ... ... ................................................. ... ... ... ........124
7.4.3 Set Up the Wireless Clients to Use the WLAN Interface .......................................... 127
7.5 How to Set Up an IPSec VPN Tunnel ................................................................................ 139
7.5.1 Set Up the VPN Gateway ......................................................................................... 140
7.5.2 Set Up the VPN Connection ..................................................................................... 140
7.5.3 Configure Security Policies for the VPN Tunnel ...................................................... 142
7.6 How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator ................. 142
7.7 How to Configure User-aware Access Control .................................................................. 144
7.7.1 Set Up User Accounts .............................................................................................. 145
7.7.2 Set Up User Groups ................................................................................................. 146
7.7.3 Set Up User Authentication Using the RADIUS Server ................................................... 146
7.7.4 Web Surfing Policies With Bandwidth Restrictions .................................................. 148
7.7.5 Set Up MSN Policies ................................................................................................ 151
7.7.6 Set Up Firewall Rules ............................................................................................... 152
7.8 How to Use a RADIUS Server to Authenticate User Accounts based on Groups ............. 153
7.9 How to Use Endpoint Security and Authentication Policies ............................................... 155
7.9.1 Configure the Endpoint Security Objects .................................................................155
7.9.2 Configure the Authentication Policy ......................................................................... 157
7.10 How to Configure Service Control ................................................................................... 158
7.10.1 Allow HTTPS Administrator Access Only From the LAN ....................................... 159
7.11 How to Allow Incoming H.323 Peer-to-peer Calls ............................................................ 161
7.11.1 Turn On the ALG .................................................................................................... 162
7.11.2 Set Up a NAT Policy For H.323 .............................................................................. 162
7.11.3 Set Up a Firewall Rule For H.323 ........................................................................... 164
7.12 How to Allow Public Access to a Web Server ............................................................ 165
7.12.1 Create the Address Objects ...................................................................................166
7.12.2 Configure NAT ........................................................................................................ 166
7.12.3 Set Up a Firewall Rule ........................................................................................... 167
7.13 How to Use an IPPBX on the DMZ ........................................................................ 168
7.13.1 Turn On the ALG .................................................................................................... 170
7.13.2 Create the Address Objects ...................................................................................170
7.13.3 Setup a NAT Policy for the IPPBX ......................................................................... 171
7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP .........................................................172
7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP ........................................................... 173
7.14 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic ............... 174
7.14.1 Create the Public IP Address Range Object .......................................................... 174
7.14.2 Configure the Policy Route .................................................................................... 175
7.15 How to Use Active-Passive Device HA ........................................................................... 175
7.15.1 Before You Start ..................................................................................................... 176
7.15.2 Configure Device HA on the Master ZyWALL ........................................................177
7.15.3 Configure the Backup ZyWALL .............................................................................. 179
7.15.4 Deploy the Backup ZyWALL .................................................................................. 181
7.15.5 Check Your Device HA Setup ................................................................................ 181
Chapter 8
L2TP VPN Example...............................................................................................................183
8.1 L2TP VPN Example ...........................................................................................................183
8.2 Configuring the Default L2TP VPN Gateway Example ...................................................... 183
8.3 Configuring the Default L2TP VPN Connection Example .................................................. 185
8.4 Configuring the L2TP VPN Settings Example ...................................................................186
8.5 Configuring L2TP VPN in Windows Vista, XP, or 2000 ..................................................... 187
8.5.1 Configuring L2TP in Windows Vista ......................................................................... 187
8.5.2 Configuring L2TP in Windows XP ............................................................................197
8.5.3 Configuring L2TP in Windows 2000 ......................................................................... 203
Part II: Technical Reference................................................................ 219
Chapter 9
Dashboard............................................................................................................................221
9.1 Overview .............................................................................................. 221
9.1.1 What You Can Do in this Chapter ..................................................................... 221
9.2 The Dashboard Screen ..................................................................................................... 221
9.2.1 The CPU Usage Screen ........................................................................................... 228
9.2.2 The Memory Usage Screen ............................................................................. 229
9.2.3 The Session Usage Screen ............................................................................ 230
9.2.4 The VPN Status Screen ............................................................................... 231
9.2.5 The DHCP Table Screen ..........................................................................................231
9.2.6 The Number of Login Users Screen .................................................................... 232
Chapter 10
Monitor..................................................................................................................................235
10.1 Overview .......................................................................................................................... 235
10.1.1 What You Can Do in this Chapter .......................................................................... 235
10.2 The Port Statistics Screen .............................................................................................. 236
10.2.1 The Port Statistics Graph Screen .......................................................................... 238
10.3 Interface Status Screen ...................................................................................................239
10.4 The Traffic Statistics Screen ............................................................................................ 243
10.5 The Session Monitor Screen .......................................................................................... 246
10.6 The DDNS Status Screen ................................................................................................248
10.7 IP/MAC Binding Monitor .................................................................................................. 249
10.8 The Login Users Screen ................................................................................ 250
10.9 WLAN Interface Station Monitor Screen .......................................................................... 251
10.10 Cellular Status Screen ...................................................................................................252
10.11 Application Patrol Statistics ........................................................................ 254
10.11.1 Application Patrol Statistics: General Setup ...................................................... 254
10.11.2 Application Patrol Statistics: Bandwidth Statistics ............................................... 255
10.11.3 Application Patrol Statistics: Protocol Statistics ...................................................256
10.11.4 Application Patrol Statistics: Individual Protocol Statistics by Rule ...................... 257
10.12 The IPSec Monitor Screen ........................................................................................... 258
10.12.1 Regular Expressions in Searching IPSec SAs ..................................................... 260
10.13 The SSL Connection Monitor Screen ............................................................................ 261
10.14 L2TP over IPSec Session Monitor Screen .................................................................... 262
10.15 The Anti-Virus Statistics Screen .................................................................................... 263
10.16 The IDP Statistics Screen .............................................................................................. 265
10.17 The Content Filter Statistics Screen ..............................................................................267
10.18 Content Filter Cache Screen ......................................................................................... 268
10.19 The Anti-Spam Statistics Screen ................................................................................... 271
10.20 The Anti-Spam Status Screen ....................................................................................... 273
10.21 Log Screen ....................................................................................................................274
Chapter 11
Registration...........................................................................................................................277
11.1 Overview .......................................................................................................................... 277
11.1.1 What You Can Do in this Chapter .................................................................... 277
11.1.2 What you Need to Know ......................................................................................... 277
11.2 The Registration Screen .................................................................................................. 279
11.3 The Service Screen ......................................................................................................... 281
Chapter 12
Signature Update..................................................................................................................283
12.1 Overview .......................................................................................................................... 283
12.1.1 What You Can Do in this Chapter .......................................................................... 283
12.1.2 What you Need to Know ........................................................................................ 283
12.2 The Antivirus Update Screen ........................................................................................... 284
12.3 The IDP/AppPatrol Update Screen .................................................................................. 285
12.4 The System Protect Update Screen ............................................................................... 287
Chapter 13
Interfaces...............................................................................................................................289
13.1 Interface Overview ........................................................................................................... 289
13.1.1 What You Can Do in this Chapter .......................................................................... 289
13.1.2 What You Need to Know ........................................................................................ 290
13.2 Port Grouping ................................................................................................................. 293
13.2.1 Port Grouping Overview ............................................................................. 293
13.2.2 Port Grouping Screen ............................................................................................ 293
13.3 Ethernet Summary Screen .............................................................................................. 294
13.3.1 Ethernet Edit .........................................................................................................296
13.3.2 Object References ................................................................................................. 303
13.4 PPP Interfaces ................................................................................................................ 304
13.4.1 PPP Interface Summary ......................................................................................... 305
13.4.2 PPP Interface Add or Edit ..................................................................................... 307
13.5 Cellular Configuration Screen (3G) ..................................................................................311
13.5.1 Cellular Add/Edit Screen ........................................................................... 313
13.6 WLAN Interface General Screen ..................................................................................... 320
13.6.1 WLAN Add/Edit Screen ............................................................................... 323
13.6.2 WLAN Add/Edit: WEP Security ........................................................................ 329
13.6.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security ...................................................330
13.6.4 WLAN Add/Edit: WPA/WPA2 Security ...................................................................331
13.7 WLAN Interface MAC Filter ............................................................................................ 333
13.8 VLAN Interfaces ............................................................................................................. 335
13.8.1 VLAN Summary Screen ................................................................................ 337
13.8.2 VLAN Add/Edit ...................................................................................................... 338
13.9 Bridge Interfaces ............................................................................................................ 345
13.9.1 Bridge Summary ....................................................................................................347
13.9.2 Bridge Add/Edit ..................................................................................................... 348
13.10 Auxiliary Interface ......................................................................................................... 354
13.10.1 Auxiliary Interface Overview ................................................................................. 354
13.10.2 Auxiliary ................................................................................................................ 354
13.11 Virtual Interfaces ................................................................................... 356
13.11.1 Virtual Interfaces Add/Edit ....................................................................... 357
13.12 Interface Technical Reference ....................................................................................... 358
Chapter 14
Trunks...................................................................................................................................363
14.1 Overview .......................................................................................................................... 363
14.1.1 What You Can Do in this Chapter .......................................................................... 363
14.1.2 What You Need to Know ........................................................................................ 364
14.2 The Trunk Summary Screen .............................................................................. 368
14.3 Configuring a Trunk ........................................................................................................ 369
14.4 Trunk Technical Reference .............................................................................................. 371
Chapter 15
Policy and Static Routes......................................................................................................373
15.1 Policy and Static Routes Overview .................................................................................. 373
15.1.1 What You Can Do in this Chapter .......................................................................... 373
15.1.2 What You Need to Know ....................................................................................... 374
15.2 Policy Route Screen ........................................................................................................ 376
15.2.1 Policy Route Edit Screen ....................................................................................... 379
15.3 IP Static Route Screen ....................................................................................................383
15.3.1 Static Route Add/Edit Screen ................................................................................. 384
15.4 Policy Routing Technical Reference ................................................................................ 385
Chapter 16
Routing Protocols .................................................................................................................389
16.1 Routing Protocols Overview ............................................................................................ 389
16.1.1 What You Can Do in this Chapter .......................................................................... 389
16.1.2 What You Need to Know ........................................................................................ 389
16.2 The RIP Screen ........................................................................................ 390
16.3 The OSPF Screen ....................................................................................... 391
16.3.1 Configuring the OSPF Screen ........................................................................ 395
16.3.2 OSPF Area Add/Edit Screen .................................................................................398
16.3.3 Virtual Link Add/Edit Screen ................................................................................. 399
16.4 Routing Protocol Technical Reference ............................................................................ 400
Chapter 17
Zones .....................................................................................................................................403
17.1 Zones Overview ...............................................................................................................403
17.1.1 What You Can Do in this Chapter .......................................................................... 403
17.1.2 What You Need to Know ........................................................................................ 404
17.2 The Zone Screen ....................................................................................... 405
17.3 Zone Edit ........................................................................................................................ 406
Chapter 18
DDNS......................................................................................................................................407
18.1 DDNS Overview .............................................................................................................. 407
18.1.1 What You Can Do in this Chapter .......................................................................... 407
18.1.2 What You Need to Know ........................................................................................ 407
18.2 The DDNS Screen ...........................................................................................................408
18.2.1 The Dynamic DNS Add/Edit Screen ...................................................................... 410
Chapter 19
NAT.........................................................................................................................................413
19.1 NAT Overview .................................................................................................................. 413
19.1.1 What You Can Do in this Chapter .......................................................................... 413
19.1.2 What You Need to Know ........................................................................................ 414
19.2 The NAT Screen ........................................................................................ 414
19.2.1 The NAT Add/Edit Screen ............................................................................ 416
19.3 NAT Technical Reference ................................................................................................419
Chapter 20
HTTP Redirect......................................................................................................................423
20.1 Overview .......................................................................................................................... 423
20.1.1 What You Can Do in this Chapter .......................................................................... 423
20.1.2 What You Need to Know ........................................................................................ 424
20.2 The HTTP Redirect Screen ............................................................................................. 425
20.2.1 The HTTP Redirect Edit Screen ............................................................................. 426
Chapter 21
ALG ........................................................................................................................................427
21.1 ALG Overview ................................................................................................................. 427
21.1.1 What You Can Do in this Chapter .......................................................................... 427
21.1.2 What You Need to Know ........................................................................................ 428
21.1.3 Before You Begin ...................................................................................................431
21.2 The ALG Screen .............................................................................................................. 431
21.3 ALG Technical Reference ................................................................................................ 433
Chapter 22
IP/MAC Binding....................................................................................................................435
22.1 IP/MAC Binding Overview ............................................................................................... 435
22.1.1 What You Can Do in this Chapter .......................................................................... 435
22.1.2 What You Need to Know ........................................................................................ 436
22.2 IP/MAC Binding Summary ............................................................................................... 436
22.2.1 IP/MAC Binding Edit ............................................................................................... 437
22.2.2 Static DHCP Edit .................................................................................................... 438
22.3 IP/MAC Binding Exempt List ........................................................................................... 439
Chapter 23
Authentication Policy...........................................................................................................441
23.1 Overview .......................................................................................................................... 441
23.1.1 What You Can Do in this Chapter .......................................................................... 441
23.1.2 What You Need to Know ........................................................................................ 442
23.2 Authentication Policy Screen ........................................................................................... 442
23.2.1 Creating/Editing an Authentication Policy .............................................................. 445
Chapter 24
Firewall...................................................................................................................................449
24.1 Overview .......................................................................................................................... 449
24.1.1 What You Can Do in this Chapter .......................................................................... 449
24.1.2 What You Need to Know ........................................................................................ 450
24.1.3 Firewall Rule Example Applications ....................................................................... 452
24.1.4 Firewall Rule Configuration Example ..................................................................... 455
24.2 The Firewall Screen ................................................................................... 457
24.2.1 Configuring the Firewall Screen .................................................................... 458
24.2.2 The Firewall Add/Edit Screen ................................................................................. 461
24.3 The Session Limit Screen ................................................................................................462
24.3.1 The Session Limit Add/Edit Screen ........................................................................ 464
Chapter 25
IPSec VPN..............................................................................................................................467
25.1 IPSec VPN Overview .......................................................................................................467
25.1.1 What You Can Do in this Chapter .......................................................................... 467
25.1.2 What You Need to Know ........................................................................................ 468
25.1.3 Before You Begin ...................................................................................................470
25.2 The VPN Connection Screen .......................................................................................... 470
25.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 472
25.2.2 The VPN Connection Add/Edit Manual Key Screen .............................................. 479
25.3 The VPN Gateway Screen .............................................................................................. 482
25.3.1 The VPN Gateway Add/Edit Screen ...................................................................... 483
25.4 VPN Concentrator ..........................................................................................................491
25.4.1 IPSec VPN Concentrator Example ........................................................................ 491
25.4.2 VPN Concentrator Screen ...................................................................................... 494
25.4.3 The VPN Concentrator Add/Edit Screen ............................................................... 494
25.5 IPSec VPN Background Information ............................................................................... 495
Chapter 26
SSL VPN.................................................................................................................................507
26.1 Overview .......................................................................................................................... 507
26.1.1 What You Can Do in this Chapter .......................................................................... 507
26.1.2 What You Need to Know ........................................................................................ 507
26.2 The SSL Access Privilege Screen ................................................................................... 510
26.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 512
26.3 The SSL Global Setting Screen ......................................................................... 514
26.3.1 How to Upload a Custom Logo .............................................................................. 516
26.4 Establishing an SSL VPN Connection ............................................................................. 517
Chapter 27
SSL User Screens.................................................................................................................519
27.1 Overview .......................................................................................................................... 519
27.1.1 What You Need to Know ........................................................................................ 519
27.2 Remote User Login ..........................................................................................................520
27.3 The SSL VPN User Screens .............................................................................. 525
27.4 Bookmarking the ZyWALL ............................................................................................... 526
27.5 Logging Out of the SSL VPN User Screens ....................................................................526
Chapter 28
SSL User Application Screens ............................................................................................529
28.1 SSL User Application Screens Overview ........................................................................ 529
28.2 The Application Screen ...................................................................................................529
Chapter 29
SSL User File Sharing ..........................................................................................................531
29.1 Overview .......................................................................................................................... 531
29.1.1 What You Need to Know ........................................................................................ 531
29.2 The Main File Sharing Screen ......................................................................................... 532
29.3 Opening a File or Folder ....................................................................................... 532
29.3.1 Downloading a File ............................................................................................ 534
29.3.2 Saving a File ..........................................................................................................535
29.4 Creating a New Folder ........................................................................................... 535
29.5 Renaming a File or Folder ............................................................................................... 536
29.6 Deleting a File or Folder ..................................................................................................536
29.7 Uploading a File .................................................................................................. 537
Chapter 30
ZyWALL SecuExtender.........................................................................................................539
30.1 The ZyWALL SecuExtender Icon .................................................................................... 539
30.2 Statistics .......................................................................................................................... 540
30.3 View Log ..........................................................................................................................541
30.4 Suspend and Resume the Connection ............................................................................ 541
30.5 Stop the Connection ........................................................................................................ 542
30.6 Uninstalling the ZyWALL SecuExtender .......................................................................... 542
Chapter 31
L2TP VPN...............................................................................................................................543
31.1 Overview .......................................................................................................................... 543
31.1.1 What You Can Do in this Chapter .......................................................................... 543
31.1.2 What You Need to Know ........................................................................................ 543
31.2 L2TP VPN Screen .................................................................................................. 545
Chapter 32
Application Patrol.................................................................................................................547
32.1 Overview .......................................................................................................................... 547
32.1.1 What You Can Do in this Chapter .......................................................................... 547
32.1.2 What You Need to Know ....................................................................................... 548
32.1.3 Application Patrol Bandwidth Management Examples ........................................... 553
32.2 Application Patrol General Screen ..................................................................................557
32.3 Application Patrol Applications ........................................................................................ 558
32.3.1 The Application Patrol Edit Screen ........................................................................ 559
32.3.2 The Application Patrol Policy Edit Screen ............................................................. 563
32.4 The Other Applications Screen ........................................................................................ 566
32.4.1 The Other Applications Add/Edit Screen ................................................................ 569
Chapter 33
Anti-Virus...............................................................................................................................573
33.1 Overview .......................................................................................................................... 573
33.1.1 What You Can Do in this Chapter .......................................................................... 573
33.1.2 What You Need to Know ........................................................................................ 574
33.1.3 Before You Begin ...................................................................................................576
33.2 Anti-Virus Summary Screen ....................................................................................... 576
33.2.1 Anti-Virus Policy Add or Edit Screen ......................................................................579
33.3 Anti-Virus Black List .........................................................................................................581
33.4 Anti-Virus Black List or White List Add/Edit ..................................................................... 582
33.5 Anti-Virus White List ............................................................................................. 583
33.6 Signature Searching ........................................................................................................ 584
33.7 Anti-Virus Technical Reference ........................................................................................ 587
Chapter 34
IDP.........................................................................................................................................589
34.1 Overview .......................................................................................................................... 589
34.1.1 What You Can Do in this Chapter .......................................................................... 589
34.1.2 What You Need To Know ....................................................................................... 589
34.1.3 Before You Begin ...................................................................................................590
34.2 The IDP General Screen ................................................................................................. 591
34.3 Introducing IDP Profiles ................................................................................................. 593
34.3.1 Base Profiles ..........................................................................................................594
34.4 The Profile Summary Screen .......................................................................................... 595
34.5 Creating New Profiles ...................................................................................................... 596
34.5.1 Procedure To Create a New Profile ........................................................................ 596
34.6 Profiles: Packet Inspection ............................................................................................. 597
34.6.1 Profile > Group View Screen .................................................................................. 597
34.6.2 Policy Types ........................................................................................................... 600
34.6.3 IDP Service Groups ...............................................................................................601
34.6.4 Profile > Query View Screen .................................................................................. 602
34.6.5 Query Example ...................................................................................................... 605
34.7 Introducing IDP Custom Signatures ............................................................................... 607
34.7.1 IP Packet Header ...................................................................................................607
34.8 Configuring Custom Signatures .................................................................................. 608
34.8.1 Creating or Editing a Custom Signature ................................................................ 610
34.8.2 Custom Signature Example ................................................................................... 616
34.8.3 Applying Custom Signatures ..................................................................................618
34.8.4 Verifying Custom Signatures .................................................................................. 619
34.9 IDP Technical Reference .................................................................................................620
Chapter 35
ADP .......................................................................................................................................623
35.1 Overview .......................................................................................................................... 623
35.1.1 ADP and IDP Comparison ..................................................................................... 623
35.1.2 What You Can Do in this Chapter ......................................................................... 623
35.1.3 What You Need To Know ....................................................................................... 623
35.1.4 Before You Begin ...................................................................................................624
35.2 The ADP General Screen .......................................................................................... 625
35.3 The Profile Summary Screen .......................................................................................... 626
35.3.1 Base Profiles ..........................................................................................................627
35.3.2 Configuring The ADP Profile Summary Screen .....................................................627
35.3.3 Creating New ADP Profiles .................................................................................. 628
35.3.4 Traffic Anomaly Profiles ........................................................................................ 628
35.3.5 Protocol Anomaly Profiles ................................................................................... 631
35.3.6 Protocol Anomaly Configuration ............................................................................. 631
35.4 ADP Technical Reference ................................................................................................ 635
Chapter 36
Content Filtering..................................................................................................................643
36.1 Overview .......................................................................................................................... 643
36.1.1 What You Can Do in this Chapter .......................................................................... 643
36.1.2 What You Need to Know ........................................................................................ 643
36.1.3 Before You Begin ...................................................................................................645
36.2 Content Filter General Screen ................................................................................... 645
36.3 Content Filter Policy Add or Edit Screen ......................................................................... 648
36.4 Content Filter Profile Screen ..........................................................................................650
36.5 Content Filter Categories Screen ................................................................................... 650
36.5.1 Content Filter Blocked and Warning Messages ..................................................... 662
36.6 Content Filter Customization Screen .............................................................................. 663
36.7 Content Filter Technical Reference ................................................................................. 665
Chapter 37
Content Filter Reports..........................................................................................................667
37.1 Overview .......................................................................................................................... 667
37.2 Viewing Content Filter Reports .................................................................................. 667
Chapter 38
Anti-Spam..............................................................................................................................675
38.1 Overview .......................................................................................................................... 675
38.1.1 What You Can Do in this Chapter .......................................................................... 675
38.1.2 What You Need to Know ........................................................................................ 675
38.2 Before You Begin ............................................................................................................. 677
38.3 The Anti-Spam General Screen ....................................................................................... 677
38.3.1 The Anti-Spam Policy Add or Edit Screen ................................................................. 679
38.4 The Anti-Spam Black List Screen .................................................................................... 681
38.4.1 The Anti-Spam Black or White List Add/Edit Screen ................................................... 683
38.4.2 Regular Expressions in Black or White List Entries ............................................... 684
38.5 The Anti-Spam White List Screen ....................................................................................685
38.6 The DNSBL Screen ......................................................................................................... 686
38.7 Anti-Spam Technical Reference ...................................................................................... 688
Chapter 39
Device HA..............................................................................................................................693
39.1 Overview .......................................................................................................................... 693
39.1.1 What You Can Do in this Chapter .......................................................................... 693
39.1.2 What You Need to Know ........................................................................................ 693
39.1.3 Before You Begin ...................................................................................................694
39.2 Device HA General ..........................................................................................................695
39.3 The Active-Passive Mode Screen ................................................................................... 696
39.3.1 Configuring Active-Passive Mode Device HA ........................................................698
39.4 Configuring an Active-Passive Mode Monitored Interface ............................................... 701
39.5 The Legacy Mode Screen ............................................................................................... 703
39.6 Configuring the Legacy Mode Screen ........................................................................... 704
39.7 Device HA Technical Reference ...................................................................................... 708
Chapter 40
User/Group............................................................................................................................715
40.1 Overview .......................................................................................................................... 715
40.1.1 What You Can Do in this Chapter .......................................................................... 715
40.1.2 What You Need To Know ....................................................................................... 715
40.2 User Summary Screen .................................................................................................... 718
40.2.1 User Add/Edit Screen .......................................................................................... 718
40.3 User Group Summary Screen ......................................................................................... 721
40.3.1 Group Add/Edit Screen .......................................................................................... 722
40.4 Setting Screen ................................................................................................................ 723
40.4.1 Default User Authentication Timeout Settings Edit Screens ..................................726
40.4.2 User Aware Login Example .................................................................................. 728
40.5 User/Group Technical Reference ................................................................................. 729
Chapter 41
Addresses.............................................................................................................................731
41.1 Overview .......................................................................................................................... 731
41.1.1 What You Can Do in this Chapter .......................................................................... 731
41.1.2 What You Need To Know ....................................................................................... 731
41.2 Address Summary Screen .......................................................................................... 731
41.2.1 Address Add/Edit Screen ....................................................................................... 733
41.3 Address Group Summary Screen .................................................................................. 734
41.3.1 Address Group Add/Edit Screen ............................................................................ 735
Chapter 42
Services.................................................................................................................................737
42.1 Overview .......................................................................................................................... 737
42.1.1 What You Can Do in this Chapter .......................................................................... 737
42.1.2 What You Need to Know ........................................................................................ 737
42.2 The Service Summary Screen ...................................................................................... 738
42.2.1 The Service Add/Edit Screen ................................................................................ 740
42.3 The Service Group Summary Screen ............................................................................. 740
42.3.1 The Service Group Add/Edit Screen ...................................................................... 742
Chapter 43
Schedules..............................................................................................................................743
43.1 Overview .......................................................................................................................... 743
43.1.1 What You Can Do in this Chapter .......................................................................... 743
43.1.2 What You Need to Know ........................................................................................ 743
43.2 The Schedule Summary Screen ...................................................................................... 744
43.2.1 The One-Time Schedule Add/Edit Screen ............................................................. 745
43.2.2 The Recurring Schedule Add/Edit Screen ................................................................. 746
Chapter 44
AAA Server...........................................................................................................................749
44.1 Overview .......................................................................................................................... 749
44.1.1 Directory Service (AD/LDAP) ............................................................................... 749
44.1.2 RADIUS Server ...................................................................................................... 750
44.1.3 ASAS ...................................................................................................................... 750
44.1.4 What You Can Do in this Chapter .......................................................................... 750
44.1.5 What You Need To Know ....................................................................................... 751
44.2 Active Directory or LDAP Server Summary ..................................................................... 753
44.2.1 Adding an Active Directory or LDAP Server ............................................................. 753
44.3 RADIUS Server Summary ............................................................................................... 755
44.3.1 Adding a RADIUS Server ...................................................................................... 757
Chapter 45
Authentication Method.........................................................................................................759
45.1 Overview .......................................................................................................................... 759
45.1.1 What You Can Do in this Chapter .......................................................................... 759
45.1.2 Before You Begin ...................................................................................................759
45.1.3 Example: Selecting a VPN Authentication Method ................................................ 759
45.2 Authentication Method Objects .................................................................................. 760
45.2.1 Creating an Authentication Method Object ............................................................... 761
Chapter 46
Certificates ............................................................................................................................765
46.1 Overview .......................................................................................................................... 765
46.1.1 What You Can Do in this Chapter .......................................................................... 765
46.1.2 What You Need to Know ........................................................................................ 765
46.1.3 Verifying a Certificate .............................................................................................767
46.2 The My Certificates Screen ............................................................................................. 769
46.2.1 The My Certificates Add Screen ............................................................................ 770
46.2.2 The My Certificates Edit Screen ............................................................................ 775
46.2.3 The My Certificates Import Screen ........................................................................ 778
46.3 The Trusted Certificates Screen ..................................................................................... 779
46.3.1 The Trusted Certificates Edit Screen .................................................................... 780
46.3.2 The Trusted Certificates Import Screen ................................................................784
46.4 Certificates Technical Reference ..................................................................................... 785
Chapter 47
ISP Accounts.........................................................................................................................787
47.1 Overview .......................................................................................................................... 787
47.1.1 What You Can Do in this Chapter .......................................................................... 787
47.2 ISP Account Summary .................................................................................................... 787
47.2.1 ISP Account Edit ................................................................................................... 788
Chapter 48
SSL Application ....................................................................................................................791
48.1 Overview .......................................................................................................................... 791
48.1.1 What You Can Do in this Chapter .......................................................................... 791
48.1.2 What You Need to Know ........................................................................................ 791
48.1.3 Example: Specifying a Web Site for Access .......................................................... 792
48.2 The SSL Application Screen ....................................................................................... 793
48.2.1 Creating/Editing a Web-based SSL Application Object ......................................... 794
48.2.2 Creating/Editing a File Sharing SSL Application Object ............................................. 796
Chapter 49
Endpoint Security.................................................................................................................799
49.1 Overview .......................................................................................................................... 799
49.1.1 What You Can Do in this Chapter .......................................................................... 800
49.1.2 What You Need to Know ........................................................................................ 800
49.2 Endpoint Security Screen .......................................................................................... 801
49.3 Endpoint Security Add/Edit .............................................................................................. 803
Chapter 50
System.................................................................................................................................809
50.1 Overview .......................................................................................................................... 809
50.1.1 What You Can Do in this Chapter .......................................................................... 809
50.2 Host Name ....................................................................................................................... 810
50.3 Date and Time .................................................................................................................811
50.3.1 Pre-defined NTP Time Servers List ........................................................................ 813
50.3.2 Time Server Synchronization ................................................................................. 814
50.4 Console Port Speed ......................................................................................................... 815
50.5 DNS Overview ................................................................................................................. 815
50.5.1 DNS Server Address Assignment .......................................................................... 816
50.5.2 Configuring the DNS Screen ................................................................................. 816
50.5.3 Address Record .................................................................................................... 819
50.5.4 PTR Record ........................................................................................................... 819
50.5.5 Adding an Address/PTR Record ............................................................................ 819
50.5.6 Domain Zone Forwarder ...................................................................................... 820
50.5.7 Adding a Domain Zone Forwarder .......................................................................... 820
50.5.8 MX Record ............................................................................................................821
50.5.9 Adding a MX Record ..............................................................................................822
50.5.10 Adding a DNS Service Control Rule ...................................................................... 822
50.6 WWW Overview ..............................................................................................................823
50.6.1 Service Access Limitations .................................................................................... 824
50.6.2 System Timeout ..................................................................................................... 824
50.6.3 HTTPS ...................................................................................................................824
50.6.4 Configuring WWW Service Control ........................................................................ 825
50.6.5 Service Control Rules ............................................................................................ 829
50.6.6 Customizing the WWW Login Page ....................................................................... 829
50.6.7 HTTPS Example ....................................................................................................833
50.7 SSH .............................................................................................................................. 840
50.7.1 How SSH Works ................................................................................................ 841
50.7.2 SSH Implementation on the ZyWALL ..................................................................... 842
50.7.3 Requirements for Using SSH ................................................................................. 842
50.7.4 Configuring SSH ....................................................................................................842
50.7.5 Secure Telnet Using SSH Examples ...................................................................... 844
50.8 Telnet .............................................................................................................................. 845
50.8.1 Configuring Telnet .................................................................................................. 846
50.9 FTP ................................................................................................................................. 847
50.9.1 Configuring FTP .....................................................................................................847
50.10 SNMP ........................................................................................................................... 849
50.10.1 Supported MIBs ................................................................................................... 851
50.10.2 SNMP Traps ......................................................................................................... 851
50.10.3 Configuring SNMP ............................................................................................... 851
50.11 Dial-in Management ............................................................................................ 853
50.11.1 Configuring Dial-in Mgmt ................................................................................ 854
50.12 Vantage CNM ...............................................................................................................855
50.12.1 Configuring Vantage CNM ................................................................................... 856
50.13 Language Screen .........................................................................................................858
Chapter 51
Log and Report ...................................................................................................................859
51.1 Overview .......................................................................................................................... 859
51.1.1 What You Can Do In this Chapter .......................................................................... 859
51.2 Email Daily Report ..........................................................................................................859
51.3 Log Setting Screens ....................................................................................................... 861
51.3.1 Log Setting Summary ............................................................................................. 862
51.3.2 Edit System Log Settings ......................................................................................863
51.3.3 Edit Remote Server Log Settings .......................................................................... 868
51.3.4 Active Log Summary Screen ................................................................................ 870
Chapter 52
File Manager.........................................................................................................................873
52.1 Overview .......................................................................................................................... 873
52.1.1 What You Can Do in this Chapter .......................................................................... 873
52.1.2 What you Need to Know ........................................................................................ 873
52.2 The Configuration File Screen ................................................................................ 876
52.3 The Firmware Package Screen ...................................................................................... 880
52.4 The Shell Script Screen ........................................................................................ 882
Chapter 53
Diagnostics...........................................................................................................................885
53.1 Overview .......................................................................................................................... 885
53.1.1 What You Can Do in this Chapter .......................................................................... 885
53.2 The Diagnostic Screen ....................................................................................................885
53.3 The Packet Capture Screen ............................................................................................886
53.3.1 The Packet Capture Files Screen .......................................................................... 888
53.3.2 Example of Viewing a Packet Capture File .................................................................. 889
Chapter 54
Reboot....................................................................................................................................891
54.1 Overview .......................................................................................................................... 891
54.1.1 What You Need To Know ....................................................................................... 891
54.2 The Reboot Screen .........................................................................................................891
Chapter 55
Shutdown...............................................................................................................................893
55.1 Overview .......................................................................................................................... 893
55.1.1 What You Need To Know ....................................................................................... 893
55.2 The Shutdown Screen ..................................................................................................... 893
Chapter 56
Troubleshooting....................................................................................................................895
56.1 Resetting the ZyWALL .....................................................................................................912
56.2 Getting More Troubleshooting Help ................................................................................. 913
Chapter 57
Product Specifications.........................................................................................................915
57.1 3G PCMCIA Card Installation .................................................................................. 921
Appendix A Log Descriptions...............................................................................................923
Appendix B Common Services.............................................................................................983
Appendix C Displaying Anti-Virus Alert Messages in Windows............................................987
Appendix D Importing Certificates........................................................................................993
Appendix E Wireless LANs ................................................................................................1019
Appendix F Open Software Announcements.....................................................................1035
Appendix G Legal Information............................................................................................1091
Index.....................................................................................................................................1095