ZyXEL Communications VGN-FE800, VGN-C User Manual

ZyWALL USG 100/200 Series
Unified Security Gateway
User’s Guide
Version 2.10 5/2008 Edition 1
DEFAULT LOGIN
LAN1 Port: P4
IP Address: http://192.168.1.1
User Name: admin
Password: 1234
www.zyxel.com

About This User's Guide

Intended Audience
This manual is intended for people who want to configure the ZyWALL using the web configurator.
How To Use This Guide
• Read Chapter 1 on page 53 for an overview of features available on the ZyWALL.
• Read Chapter 3 on page 65 for web browser requirements and an introduction to the main components, icons and menus in the ZyWALL web configurator.
• Read Chapter 4 on page 75 if you’re using the wizards for first-time setup and you want more detailed information than what the real-time online help provides.
• It is highly recommended you read Chapter 5 on page 109 for detailed information on essential terms used in the ZyWALL, what prerequisites are needed to configure a feature and how to use that feature.
• It is highly recommended you read Chapter 6 on page 125 for ZyWALL application examples.
• Subsequent chapters are arranged by menu item as defined in the web configurator. Read each chapter carefully for detailed information on that menu item.
• To find specific information in this guide, use the Contents Overview, the Table of Contents, the Index, or search the PDF file. E-mail techwriters@zyxel.com.tw if you cannot find the information you require.
Related Documentation
• Quick Start Guide: The Quick Start Guide is designed to show you how to make the ZyWALL hardware connections, rack mounting and access the web configurator wizards. (See the wizard real time help for information on configuring each screen.) It contains a connection diagram, default settings, handy checklists and information on setting up your network and configuring for Internet access.
• Configuration Reference Card: See this handy reference card to see what prerequisites are needed to configure a feature and how to use this feature in the ZyWALL.
• CLI Reference Guide: The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL.
Note: It is recommended you use the web configurator to configure the ZyWALL.
• Web Configurator Online Help: Click the help icon in any screen for help in configuring that screen and supplementary information.
• Supporting Disk: Refer to the included CD for support documents.
• ZyXEL Web Site: Please refer to www.zyxel.com for additional support documentation and product certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw

Document Conventions

Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL USG 100 and ZyWALL USG 200 may be referred to as the “ZyWALL”, the “device”, the “system” or the “product” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.
[Figure icons: ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router]

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet.
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose of them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
This product is recyclable. Dispose of it properly.

Contents Overview

Getting Started
• Introducing the ZyWALL
• Features and Applications
• Web Configurator
• Wizard Setup
• Configuration Basics
• Tutorials
• Status
• Registration
• Signature Update
Network
• Interface
• Trunks
• Policy and Static Routes
• Routing Protocols
• Zones
• DDNS
• Virtual Servers
• HTTP Redirect
• ALG
Firewall
• Firewall
VPN
• IPSec VPN
• SSL VPN
• SSL User Screens
• SSL User Application Screens
• SSL User File Sharing
• L2TP VPN
• L2TP VPN Example
Application Patrol
• Application Patrol
Anti-X
• Anti-Virus
• IDP
• ADP
• Content Filtering
• Content Filter Reports
• Anti-Spam
Device HA
• Device HA
Objects
• User/Group
• Addresses
• Services
• Schedules
• AAA Server
• Authentication Method
• Certificates
• SSL Application
System
• System
Maintenance, Troubleshooting, & Specifications
• File Manager
• Logs
• Reports
• Diagnostics
• Reboot
• Troubleshooting
• Product Specifications
Appendices and Index

Table of Contents

About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
List of Figures
List of Tables
Part I: Getting Started
Chapter 1: Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Front Panel LEDs
1.3 Management Overview
1.4 Starting and Stopping the ZyWALL
Chapter 2: Features and Applications
2.1 Features
2.2 Packet Flow
2.2.1 Interface to Interface (Through ZyWALL)
2.2.2 Interface to Interface (To/From ZyWALL)
2.2.3 Interface to Interface (From VPN Tunnel)
2.2.4 Interface to Interface (To VPN Tunnel)
2.3 Applications
2.3.1 VPN Connectivity
2.3.2 SSL VPN Network Access
2.3.3 User-Aware Access Control
2.3.4 Multiple WAN Interfaces
2.3.5 Device HA
Chapter 3: Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Main Screen
3.3.1 Title Bar
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Message Bar
Chapter 4: Wizard Setup
4.1 Wizard Setup Overview
4.2 Installation Setup, One ISP
4.3 Step 1 Internet Access
4.3.1 Ethernet: Auto IP Address Assignment
4.3.2 Ethernet: Static IP Address Assignment
4.3.3 Step 2 Internet Access Ethernet
4.3.4 PPPoE: Auto IP Address Assignment
4.3.5 PPPoE: Static IP Address Assignment
4.3.6 Step 2 Internet Access PPPoE
4.3.7 PPTP: Auto IP Address Assignment
4.3.8 PPTP: Static IP Address Assignment
4.3.9 Step 2 Internet Access PPTP
4.3.10 Step 4 Internet Access - Finish
4.4 Device Registration
4.5 Installation Setup, Two Internet Service Providers
4.5.1 Internet Access Wizard Setup Complete
4.6 VPN Setup
4.7 VPN Wizards
4.7.1 VPN Express Wizard
4.8 VPN Express Wizard - Remote Gateway
4.8.1 VPN Express Wizard - Policy Setting
4.8.2 VPN Express Wizard - Summary
4.8.3 VPN Express Wizard - Finish
4.8.4 VPN Advanced Wizard
4.8.5 VPN Advanced Wizard - Remote Gateway
4.8.6 VPN Advanced Wizard - Phase 1
4.8.7 VPN Advanced Wizard - Phase 2
4.8.8 VPN Advanced Wizard - Summary
4.8.9 VPN Advanced Wizard - Finish
Chapter 5: Configuration Basics
5.1 Object-based Configuration
5.2 Zones, Interfaces, and Physical Ports
5.2.1 Interface Types
5.2.2 Default Interface and Zone Configuration
5.3 Terminology in the ZyWALL
5.4 Feature Configuration Overview
5.4.1 Feature
5.4.2 Interface
5.4.3 Trunks
5.4.4 IPSec VPN
5.4.5 SSL VPN
5.4.6 L2TP VPN
5.4.7 Zones
5.4.8 Device HA
5.4.9 DDNS
5.4.10 Policy Routes
5.4.11 Static Routes
5.4.12 Firewall
5.4.13 Application Patrol
5.4.14 Anti-Virus
5.4.15 IDP
5.4.16 ADP
5.4.17 Content Filter
5.4.18 Anti-Spam
5.4.19 Virtual Server (Port Forwarding)
5.4.20 HTTP Redirect
5.4.21 ALG
5.5 Objects
5.5.1 User/Group
5.6 System Management and Maintenance
5.6.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM
5.6.2 File Manager
5.6.3 Licensing Registration
5.6.4 Licensing Update
5.6.5 Logs and Reports
5.6.6 Diagnostics
Chapter 6: Tutorials
6.1 How to Configure Ethernet Interfaces and Port Roles
6.1.1 How to Configure a WAN Ethernet Interface
6.1.2 How to Configure the OPT Interface for a Local Network
6.1.3 How to Configure Port Roles
6.2 How to Configure a Cellular Interface
6.3 How to Set Up a WLAN Interface ...................................................................................... 131
6.3.1 How to Set Up User Accounts .................................................................................. 131
6.3.2 How to Create the WLAN Interface .......................................................................... 132
6.3.3 How to Set Up the Wireless Clients to Use the WLAN Interface .............................134
6.4 How to Set Up an IPSec VPN ...........................................................................................144
6.4.1 How to Set Up the VPN Gateway ............................................................................ 144
6.4.2 How to Set Up the VPN Connection ........................................................................145
6.4.3 How to Set Up the Policy Route for the VPN Tunnel .................... ... ........................146
6.4.4 How to Configure Security Policies for the VPN Tunnel ...........................................147
6.5 How to Configure User-aware Access Control .................................................................. 148
6.5.1 How to Set Up User Accounts .................................................................................. 148
6.5.2 How to Set Up User Groups .......................... ................... ................... ................ ..... 148
6.5.3 How to Set Up User Authentication Using the RADIUS Server ............................... 149
6.5.4 How to Set Up Web Surfing Policies With Bandwidth Restrictions .......................... 150
6.5.5 How to Set Up MSN Policies .................. ............. ............. ............. ............. ............. . 152
6.5.6 How to Set Up Firewall Rules .................................................................................. 153
6.6 How to Configure Load Balancing ..................................................................................... 154
6.6.1 How to Set Up Available Bandwidth on Ethernet Interfaces .................................... 155
6.6.2 How to Configure the Load Balancing in the WAN Trunk ........................................ 155
6.7 How to Configure Service Control .....................................................................................156
6.7.1 How to Allow HTTPS Administrator Access Only From the LAN ............................. 156
6.8 How to Allow Incoming H.323 Peer-to-peer Calls ........................................ 159
6.8.1 How to Turn On the ALG .......................................................................................... 160
6.8.2 How to Set Up a Virtual Server Policy For H.323 ..................................................... 160
6.8.3 How to Set Up a Firewall Rule For H.323 ........................................ 161
6.9 How to Use Device HA ...................................................................................................... 162
6.9.1 Before You Start ........................................ 163
6.9.2 How to Configure Device HA on the Master ZyWALL .............................................. 163
6.9.3 How to Configure the Backup ZyWALL ....................................................................165
6.9.4 How to Deploy the Backup ZyWALL ........................................................................166
6.9.5 How to Check Your Device HA Setup ........................................ 166
6.10 How to Allow Public Access to a Server ..........................................................................167
6.10.1 How to Create the Address Objects ....................................................................... 167
6.10.2 How to Configure a Virtual Server ..........................................................................168
Chapter 7
Status....................................................................................................................................171
7.1 Overview ........................................ 171
7.1.1 What You Can Do in the Status Screens .................................................................. 171
7.2 The Status Screen .............................................................................................................171
7.2.1 The CPU Usage Screen ........................................................................................... 175
7.2.2 The Memory Usage Screen ........................................ 176
7.2.3 The Session Usage Screen ........................................ 177
7.2.4 The VPN Status Screen ........................................ 178
7.2.5 The DHCP Table Screen ..........................................................................................179
7.2.6 The Port Statistics Screen ........................................ 180
7.2.7 The Port Statistics Graph Screen ........................................ 181
7.2.8 The Current Users Screen ........................................ 182
7.2.9 The Cellular Status Detail Screen ............................................................................183
Chapter 8
Registration...........................................................................................................................185
8.1 Overview ........................................ 185
8.1.1 What You Can Do in the Registration Screens ........................................................185
8.1.2 What You Need to Know About Service Registration ........................................ 185
8.2 The Registration Screen ....................................................................................................186
8.3 The Service Screen ........................................ 189
Chapter 9
Signature Update..................................................................................................................191
9.1 Overview ........................................ 191
9.1.1 What You Can Do in the Update Screens ........................................ 191
9.1.2 What You Need to Know About Signature Updates ........................................ 191
9.2 The Antivirus Update Screen ............................................................................................. 191
9.3 The IDP/AppPatrol Update Screen ........................................ 193
9.4 The System Protect Update Screen .................................................................................194
Part II: Network..................................................................................... 197
Chapter 10
Interface.................................................................................................................................199
10.1 Interface Overview ........................................................................................................... 199
10.1.1 What You Can Do in the Interface Screens ........................................ 199
10.1.2 What You Need to Know About Interfaces .............................................................200
10.2 The Interface Status Screen ............................................................................................ 202
10.3 The Port Role Screen ......................................................................................................205
10.4 The Ethernet Summary Screen ........................................ 206
10.4.1 The Ethernet Edit Screen ........................................ 207
10.5 Interface Wizards ............................................................................................................. 214
10.5.1 Interface Wizard: OPT Interface First Screen ........................................................ 214
10.5.2 Interface Wizard: WAN Type ........................................ 215
10.5.3 Interface Wizard: Non-WAN OPT Interface Setup ................................................. 215
10.5.4 Interface Wizard: WAN Zone and IP Address Assignment .................................... 216
10.5.5 Interface Wizard: WAN ISP Connection Settings ................................................... 217
10.5.6 Interface Wizard: Summary (Non-WAN) ........................................ 219
10.5.7 Interface Wizard: Summary (WAN) ........................................................................ 219
10.6 The PPP Interfaces Screen .............................................................................................221
10.6.1 PPP Interface Edit Screen ..................................................................................... 222
10.7 Cellular Configuration Screen (3G) ................................................................................. 226
10.7.1 Cellular Add/Edit Screen ........................................ 228
10.8 Cellular Status Screen .....................................................................................................231
10.9 WLAN Interface General Screen ..................................................................................... 233
10.9.1 WLAN Add/Edit Screen ........................................ 235
10.9.2 WLAN Add/Edit Screen: WEP Security .................................................................. 241
10.9.3 WLAN Add/Edit Screen: WPA-PSK/WPA2-PSK Security ...................................... 242
10.9.4 WLAN Add/Edit Screen: WPA/WPA2 Security ......................................... .............. 2 43
10.10 WLAN Interface MAC Filter Screen ............................................................................... 245
10.10.1 MAC Filter Add/Edit Screen ................................................................................. 245
10.11 WLAN Interface Station Monitor Screen ........................................................................246
10.12 VLAN Interface Screen .................................................................................................. 247
10.12.1 Configuring the VLAN Summary Screen ........................................ 249
10.12.2 Configuring the VLAN Add/Edit Screen ............................................................... 250
10.13 Bridge Interface Screen .................................................................................................255
10.13.1 Configuring the Bridge Summary Screen ............................................................. 256
10.13.2 Configuring the Bridge Add/Edit Screen ..............................................................257
10.14 Auxiliary Interface Screen ........................................ 261
10.15 Virtual Interface Screen .................................................................................................263
10.16 Interface Technical Reference ....................................................................................... 265
Chapter 11
Trunks ....................................................................................................................................269
11.1 Overview ..........................................................................................................................269
11.1.1 What You Can Do in the Trunk Screens ........................................ 269
11.1.2 What You Need to Know About Trunks ........................................ 269
11.2 The Trunk Summary Screen ............................................................................................272
11.2.1 The Trunk Edit Screen ........................................................................................... 273
11.3 Trunk Technical Reference .............................................................................................. 275
Chapter 12
Policy and Static Routes......................................................................................................277
12.1 Policy and Static Routes Overview .................................................................................. 277
12.1.1 What You Can Do in the Policy and Static Route Screens ..................................... 278
12.1.2 What You Need to Know About Policy and Static Routing ..................................... 278
12.2 Policy Route Screen ........................................................................................................ 279
12.2.1 Policy Route Edit Screen ....................................................................................... 281
12.3 IP Static Route Screen ....................................................................................................283
12.3.1 Static Route Add/Edit Screen .................................................................................284
12.4 Policy Routing Technical Reference ................................................................................ 285
Chapter 13
Routing Protocols .................................................................................................................287
13.1 Routing Protocols Overview ............................................................................................287
13.1.1 What You Can Do in the RIP and OSPF Screens ........................................ 287
13.1.2 What You Need to Know About Routing Protocols ................................................287
13.2 The RIP Screen ........................................ 288
13.3 The OSPF Screen ........................................ 289
13.3.1 Configuring the OSPF Screen ........................................ 292
13.3.2 OSPF Area Add/Edit Screen ................................................................................. 293
13.4 Routing Protocol Technical Reference ............................................................................295
Chapter 14
Zones ....................................................................................................................................299
14.1 Zones Overview ............................................................................................................... 299
14.1.1 What You Can Do in the Zones Screens ................................................................ 299
14.1.2 What You Need to Know About Zones ................................................................... 300
14.2 The Zone Screen ........................................ 300
14.2.1 The Zone Edit Screen ........................................ 301
Chapter 15
DDNS......................................................................................................................................303
15.1 DDNS Overview ..............................................................................................................303
15.1.1 What You Can Do in the DDNS Screens ............................................................... 303
15.1.2 What You Need to Know About DDNS ...................................................................303
15.2 The DDNS Screen ...........................................................................................................304
15.2.1 The Dynamic DNS Add/Edit Screen ......................................................................305
15.3 The DDNS Status Screen ................................................................................................ 307
Chapter 16
Virtual Servers.......................................................................................................................309
16.1 Virtual Servers Overview ................................................................................................. 309
16.1.1 What You Can Do in the Virtual Server Screens .................................................... 309
16.1.2 What You Need to Know About Virtual Servers ..................................................... 309
16.2 The Virtual Server Screen ............................................................................................... 310
16.2.1 The Virtual Server Add/Edit Screen ........................................................................311
16.3 NAT 1:1 and NAT Loopback Examples ........................................................................... 313
Chapter 17
HTTP Redirect......................................................................................................................321
17.1 Overview .......................................................................................................................... 321
17.1.1 What You Can Do in the HTTP Redirect Screens .................................................. 321
17.1.2 What You Need to Know About HTTP Redirect ..................................................... 322
17.2 The HTTP Redirect Screen ............................................................................................. 322
17.2.1 The HTTP Redirect Edit Screen .............................................................................323
Chapter 18
ALG ........................................................................................................................................325
18.1 ALG Overview .................................................................................................................325
18.1.1 What You Can Do in the ALG Screen .................................................................... 325
18.1.2 What You Need to Know About ALG ..................................................................... 326
18.1.3 Before You Begin ...................................................................................................328
18.2 The ALG Screen ..............................................................................................................328
18.3 ALG Technical Reference ................................................................................................330
Part III: Firewall .................................................................................... 333
Chapter 19
Firewall.................................................................................................................................335
19.1 Overview .......................................................................................................................... 335
19.1.1 What You Can Do in the Firewall Screens ............................................................. 335
19.1.2 What You Need to Know About the Firewall ..........................................................336
19.1.3 Firewall Rule Example Applications ....................................................................... 338
19.1.4 Firewall Rule Configuration Example ..................................................................... 340
19.2 The Firewall Screen ........................................ 343
19.2.1 Configuring the Firewall Screen ........................................ 343
19.2.2 The Firewall Edit Screen ........................................ 346
Part IV: VPN .......................................................................................... 349
Chapter 20
IPSec VPN..............................................................................................................................351
20.1 IPSec VPN Overview ....................................................................................................... 351
20.1.1 What You Can Do in the IPSec VPN Screens ........................................................ 351
20.1.2 What You Need to Know About IPSec VPN ........................................................... 352
20.1.3 Before You Begin ...................................................................................................352
20.2 The VPN Connection Screen ..........................................................................................353
20.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 355
20.2.2 The VPN Connection Add/Edit Manual Key Screen ..............................................360
20.3 The VPN Gateway Screen ..............................................................................................363
20.3.1 The VPN Gateway Add/Edit Screen ...................................................................... 364
20.4 The VPN Concentrator Screen ........................................................................................369
20.4.1 The VPN Concentrator Add/Edit Screen ........................................ 370
20.5 The SA Monitor Screen ..................................................................................................371
20.6 IPSec VPN Background Information ............................................................................... 373
Chapter 21
SSL VPN.................................................................................................................................385
21.1 Overview .......................................................................................................................... 385
21.1.1 What You Can Do in the SSL VPN Screens ..........................................................385
21.1.2 What You Need to Know About SSL VPN ..............................................................385
21.2 The SSL Access Privilege Screen ................................................................................... 387
21.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 387
21.3 The SSL Connection Monitor Screen ..............................................................................389
21.4 The SSL Global Setting Screen ........................................ 390
21.4.1 How to Upload a Custom Logo .............................................................................. 392
21.5 Establishing an SSL VPN Connection ............................................................................. 392
Chapter 22
SSL User Screens.................................................................................................................395
22.1 Overview .......................................................................................................................... 395
22.1.1 What You Need to Know About the SSL User Screens .........................................395
22.2 Remote User Login .......................................................................................................... 396
22.3 The SSL VPN User Screens ........................................ 398
22.4 Bookmarking the ZyWALL ...............................................................................................399
22.5 Logging Out of the SSL VPN User Screens .................................................................... 399
Chapter 23
SSL User Application Screens ............................................................................................401
23.1 SSL User Application Screens Overview ........................................................................401
23.2 The Application Screen ........................................ 401
Chapter 24
SSL User File Sharing ..........................................................................................................403
24.1 Overview .......................................................................................................................... 403
24.1.1 What You Need to Know About the SSL VPN File Sharing ................................... 403
24.2 The Main File Sharing Screen ......................................................................................... 403
24.3 Opening a File or Folder ........................................ 404
24.3.1 Downloading a File ........................................ 405
24.3.2 Saving a File .......................................................................................................... 405
24.4 Creating a New Folder ........................................ 406
24.5 Renaming a File or Folder ............................................................................................... 406
24.6 Deleting a File or Folder ..................................................................................................407
24.7 Uploading a File ........................................ 408
Chapter 25
L2TP VPN...............................................................................................................................409
25.1 Overview .......................................................................................................................... 409
25.1.1 What You Can Do in the L2TP VPN Screens ......................................................... 409
25.1.2 What You Need to Know About L2TP VPN ........................................ 409
25.2 L2TP VPN Screen ........................................ 411
25.3 L2TP VPN Session Monitor Screen ................................................................................ 412
Chapter 26
L2TP VPN Example...............................................................................................................415
26.1 L2TP VPN Example ........................................ 415
26.2 Configuring the Default L2TP VPN Gateway Example .................................................... 415
26.3 Configuring the Default L2TP VPN Connection Example ................................................ 416
26.4 Configuring the L2TP VPN Settings Example ................................................................. 418
26.5 Configuring the Policy Route for L2TP Example ............................................................. 418
26.6 Configuring L2TP VPN in Windows XP and 2000 ...........................................................419
26.6.1 Configuring L2TP in Windows XP .......................................................................... 419
26.6.2 Configuring L2TP in Windows 2000 ........................................ 425
Part V: Application Patrol.................................................................... 441
Chapter 27
Application Patrol.................................................................................................................443
27.1 Overview .......................................................................................................................... 443
27.1.1 What You Can Do in the Application Patrol Screens .............................................. 443
27.1.2 What You Need to Know About Application Patrol ................................................ 444
27.1.3 Application Patrol Bandwidth Management Examples ........................................... 448
27.2 Application Patrol General Screen .................................................................................. 451
27.3 Application Patrol Applications ........................................................................................ 453
27.3.1 The Application Patrol Edit Screen ........................................................................454
27.3.2 The Application Patrol Policy Edit Screen .............................................................456
27.4 The Other Applications Screen ........................................................................................458
27.4.1 The Other Applications Add/Edit Screen ................................................................ 460
27.5 Application Patrol Statistics .............................................................................................462
27.5.1 Application Patrol Statistics: General Setup ........................................ 462
27.5.2 Application Patrol Statistics: Bandwidth Statistics ........................................ 463
27.5.3 Application Patrol Statistics: Protocol Statistics .....................................................464
Part VI: Anti-X....................................................................................... 467
Chapter 28
Anti-Virus...............................................................................................................................469
28.1 Overview .......................................................................................................................... 469
28.1.1 What You Can Do in the Anti-Virus Screens ..........................................................469
28.1.2 What You Need to Know About Anti-Virus ............................................................. 470
28.1.3 Before You Begin ...................................................................................................471
28.2 Anti-Virus Summary Screen ........................................ 471
28.2.1 Anti-Virus Policy Add or Edit Screen ...................................................................... 473
28.3 Anti-Virus Black List ......................................................................................................... 475
28.4 Anti-Virus Black List or White List Add/Edit ..................................................................... 476
28.5 Anti-Virus White List ........................................ 477
28.6 Signature Searching ........................................................................................................ 478
28.7 Anti-Virus Technical Reference ........................................................................................480
Chapter 29
IDP.........................................................................................................................................483
29.1 Overview .......................................................................................................................... 483
29.1.1 What You Can Do Using the IDP Screens ........................................ 483
29.1.2 What You Need To Know About IDP ......................................................................483
29.1.3 Before You Begin ...................................................................................................484
29.2 The IDP General Screen .................................................................................................484
29.2.1 Configuring IDP Policies ........................................................................................ 486
29.3 Introducing IDP Profiles .................................................................................................487
29.3.1 Base Profiles .......................................................................................................... 487
29.4 The Profile Summary Screen .......................................................................................... 488
29.5 Creating New Profiles ......................................................................................................489
29.5.1 Procedure To Create a New Profile ........................................................................489
29.6 Profiles: Packet Inspection .............................................................................................490
29.6.1 Profile > Group View Screen .................................................................................. 490
29.6.2 Policy Types ...........................................................................................................493
29.6.3 IDP Service Groups ............................................................................................... 494
29.6.4 Profile > Query View Screen ..................................................................................495
29.6.5 Query Example ...................................................................................................... 497
29.7 Introducing IDP Custom Signatures ...............................................................................498
29.7.1 IP Packet Header ................................................................................................... 498
29.8 Configuring Custom Signatures ................................................................................ 500
29.8.1 Creating or Editing a Custom Signature ................................................................ 501
29.8.2 Custom Signature Example ................................................................................ 505
29.8.3 Applying Custom Signatures .................................................................................. 508
29.8.4 Verifying Custom Signatures ..................................................................................508
29.9 IDP Technical Reference .................................................................................................509
Chapter 30
ADP .......................................................................................................................................513
30.1 Overview .......................................................................................................................... 513
30.1.1 ADP and IDP Comparison .....................................................................................513
30.1.2 What You Can Do Using the ADP Screens ........................................................... 513
30.1.3 What You Need To Know About ADP .....................................................................513
30.1.4 Before You Begin ...................................................................................................514
30.2 The ADP General Screen ................................................................................................ 514
30.2.1 Configuring ADP Policies ....................................................................................... 515
30.3 The Profile Summary Screen .......................................................................................... 516
30.3.1 Base Profiles .......................................................................................................... 516
30.3.2 Configuring The ADP Profile Summary Screen ..................................................... 517
30.3.3 Creating New ADP Profiles .................................................................................... 517
30.3.4 Traffic Anomaly Profiles ........................................................................................ 518
30.3.5 Protocol Anomaly Profiles ...................................................................................... 520
30.3.6 Protocol Anomaly Configuration .............................................................................521
30.4 Technical Reference ........................................................................................................523
Chapter 31
Content Filtering...................................................................................................................531
31.1 Overview .......................................................................................................................... 531
31.1.1 What You Can Do in the Content Filter Screens ................................................ 531
31.1.2 What You Need to Know About Content Filtering ..................................................531
31.1.3 Before You Begin ...................................................................................................532
31.2 Content Filter General Screen ....................................................................................... 533
31.3 Content Filter Policy Add or Edit Screen .........................................................................535
31.4 Content Filter Profile Screen .......................................................................................... 536
31.5 Content Filter Categories Screen ...................................................................................536
31.6 Content Filter Customization Screen ..............................................................................543
31.7 Content Filter Cache Screen ...........................................................................................546
31.8 Content Filter Technical Reference ................................................................................. 548
Chapter 32
Content Filter Reports..........................................................................................................551
32.1 Overview .......................................................................................................................... 551
32.2 Viewing Content Filter Reports ...................................................................................... 551
32.3 Web Site Submission .......................................................................................................556
Chapter 33
Anti-Spam..............................................................................................................................559
33.1 Overview .......................................................................................................................... 559
33.1.1 What You Can Do in the Anti-Spam Screens ......................................................... 559
33.1.2 What You Need to Know About Anti-Spam ............................................................559
33.2 Before You Begin ............................................................................................................. 561
33.3 The Anti-Spam General Screen ....................................................................................... 561
33.3.1 The Anti-Spam Policy Add or Edit Screen .............................................................. 563
33.4 The Anti-Spam Black List Screen ....................................................................................564
33.4.1 The Anti-Spam Black or White List Add/Edit Screen .............................................. 565
33.4.2 Regular Expressions in Black or White List Entries ............................................... 567
33.5 The Anti-Spam White List Screen .................................................................................... 567
33.6 The DNSBL Screen ......................................................................................................... 568
33.6.1 The DNSBL Add/Edit Screen ................................................................................. 570
33.7 The Anti-Spam Status Screen .........................................................................................571
Part VII: Device HA............................................................................... 573
Chapter 34
Device HA.............................................................................................................................575
34.1 Overview .......................................................................................................................... 575
34.1.1 What You Can Do in the Device HA Screens .........................................................575
34.1.2 What You Need to Know About Device HA ............................................................ 575
34.1.3 Before You Begin ...................................................................................................576
34.2 Device HA General ..........................................................................................................576
34.3 The Active-Passive Mode Screen ...................................................................................578
34.3.1 Configuring Active-Passive Mode Device HA ........................................................ 579
34.4 Configuring an Active-Passive Mode Monitored Interface ............................................... 582
34.5 The Legacy Mode Screen ............................................................................................... 583
34.6 Configuring the Legacy Mode Screen ............................................................................ 583
34.7 The Legacy Mode Add/Edit Screen ................................................................................. 585
34.8 Device HA Technical Reference ...................................................................................... 587
Part VIII: Objects.................................................................................. 591
Chapter 35
User/Group............................................................................................................................593
35.1 Overview .......................................................................................................................... 593
35.1.1 What You Can Do Using The User/Group Screens ...............................................593
35.1.2 What You Need To Know About User/Groups ........................................................ 593
35.2 User Summary Screen .................................................................................................... 595
35.2.1 User Add/Edit Screen ............................................................................................. 596
35.3 User Group Summary Screen .........................................................................................598
35.3.1 Group Add/Edit Screen .......................................................................................... 598
35.4 Setting Screen ................................................................................................................ 599
35.4.1 Force User Authentication Policy Add/Edit Screen ................................................ 602
35.4.2 User Aware Login Example .................................................................................... 603
35.5 User/Group Technical Reference .................................................................................... 604
Chapter 36
Addresses.............................................................................................................................607
36.1 Overview .......................................................................................................................... 607
36.1.1 What You Can Do Using The Addresses Screens ................................................. 607
36.1.2 What You Need To Know About Addresses/Groups .............................................. 607
36.2 Address Summary Screen .............................................................................................. 607
36.2.1 Address Add/Edit Screen .......................................................................................608
36.3 Address Group Summary Screen ................................................................................... 609
36.3.1 Address Group Add/Edit Screen ............................................................................610
Chapter 37
Services.................................................................................................................................613
37.1 Overview .......................................................................................................................... 613
37.1.1 What You Can Do in the Services Screens ............................................................ 613
37.1.2 What You Need to Know About Protocols .............................................................. 613
37.2 The Service Summary Screen ....................................................................................... 614
37.2.1 The Service Add/Edit Screen ................................................................................. 615
37.3 The Service Group Summary Screen ............................................................................. 616
37.3.1 The Service Group Add/Edit Screen ......................................................................617
Chapter 38
Schedules..............................................................................................................................619
38.1 Overview .......................................................................................................................... 619
38.1.1 What You Can Do in the Schedule Screens ...........................................................619
38.1.2 What You Need to Know About Schedules ............................................................ 619
38.2 The Schedule Summary Screen ...................................................................................... 620
38.2.1 The One-Time Schedule Add/Edit Screen ............................................................. 621
38.2.2 The Recurring Schedule Add/Edit Screen ............................................................. 622
Chapter 39
AAA Server...........................................................................................................................625
39.1 Overview .......................................................................................................................... 625
39.1.1 Directory Service (AD/LDAP) Overview ................................................................. 625
39.1.2 RADIUS Server Overview ...................................................................................... 625
39.1.3 ASAS ...................................................................................................................... 626
39.1.4 What You Can Do Using The AAA Screens ........................................................... 626
39.1.5 What You Need To Know About AAA Servers .......................................................626
39.2 Active Directory or LDAP Default Server Screen ............................................................ 627
39.2.1 Configuring Active Directory or LDAP Default Server Settings ............................... 628
39.3 Active Directory or LDAP Group Summary Screen .........................................................629
39.3.1 Creating an Active Directory or LDAP Group ......................................................... 629
39.4 Configuring a Default RADIUS Server .............................................................................631
39.5 Configuring a Group of RADIUS Servers .......................................................................632
39.5.1 Adding a RADIUS Server Member .........................................................................632
Chapter 40
Authentication Method.........................................................................................................635
40.1 Overview .......................................................................................................................... 635
40.1.1 What You Can Do Using The Auth. Method Screens ............................................. 635
40.1.2 Before You Begin ...................................................................................................635
40.1.3 Example: Selecting a VPN Authentication Method ................................................635
40.2 Viewing Authentication Method Objects .......................................................................... 636
40.3 Creating an Authentication Method Object ...................................................................... 637
Chapter 41
Certificates ............................................................................................................................639
41.1 Overview .......................................................................................................................... 639
41.1.1 What You Can Do in the Certificate Screens ......................................................... 639
41.1.2 What You Need to Know About Certificates ........................................................... 639
41.1.3 Verifying a Certificate ............................................................................................. 641
41.2 The My Certificates Screen ............................................................................................. 642
41.2.1 The My Certificates Add Screen ............................................................................643
41.2.2 The My Certificates Edit Screen ............................................................................ 646
41.2.3 The My Certificates Import Screen ........................................................................649
41.3 The Trusted Certificates Screen .....................................................................................650
41.3.1 The Trusted Certificates Edit Screen .................................................................... 651
41.3.2 The Trusted Certificates Import Screen ................................................................ 654
41.4 Certificates Technical Reference ..................................................................................... 655
Chapter 42
SSL Application ....................................................................................................................657
42.1 Overview .......................................................................................................................... 657
42.1.1 What You Can Do in the SSL Application Screens ................................................ 657
42.1.2 What You Need to Know About SSL Application Objects ...................................... 657
42.1.3 Example: Specifying a Web Site for Access .......................................................... 657
42.2 The SSL Application Screen ........................................................................................... 658
42.2.1 Creating/Editing a Web-based SSL Application Object ......................................... 659
42.2.2 Creating/Editing a File Sharing SSL Application Object ......................................... 660
Part IX: System..................................................................................... 663
Chapter 43
System.................................................................................................................................665
43.1 Overview .......................................................................................................................... 665
43.1.1 What You Can Do In The System Screens ............................................................ 665
43.2 Host Name ....................................................................................................................... 666
43.3 Date and Time ................................................................................................................ 666
43.3.1 Pre-defined NTP Time Servers List ........................................................................ 668
43.3.2 Time Server Synchronization ................................................................................. 669
43.4 Console Port Speed .........................................................................................................670
43.5 DNS Overview .................................................................................................................670
43.5.1 DNS Server Address Assignment ..........................................................................670
43.5.2 Configuring the DNS Screen .................................................................................. 671
43.5.3 Address Record ...................................................................................................... 673
43.5.4 PTR Record ........................................................................................................... 673
43.5.5 Adding an Address/PTR Record ............................................................................673
43.5.6 Domain Zone Forwarder ........................................................................................ 674
43.5.7 Adding a Domain Zone Forwarder ......................................................................... 674
43.5.8 MX Record ............................................................................................................675
43.5.9 Adding a MX Record .............................................................................................. 675
43.5.10 Adding a DNS Service Control Rule ..................................................................... 676
43.6 WWW Overview ..............................................................................................................676
43.6.1 Service Access Limitations .................................................................................... 677
43.6.2 System Timeout .....................................................................................................677
43.6.3 HTTPS ...................................................................................................................678
43.6.4 Configuring WWW ..................................................................................................679
43.6.5 Service Control Rules ............................................................................................ 681
43.6.6 HTTPS Example .................................................................................................... 682
43.7 SSH .............................................................................................................................. 689
43.7.1 How SSH Works ..................................................................................................... 690
43.7.2 SSH Implementation on the ZyWALL ..................................................................... 691
43.7.3 Requirements for Using SSH .................................................................................691
43.7.4 Configuring SSH .................................................................................................... 691
43.7.5 Secure Telnet Using SSH Examples ...................................................................... 692
43.8 Telnet ..............................................................................................................................693
43.8.1 Configuring Telnet ..................................................................................................693
43.9 FTP .................................................................................................................................694
43.9.1 Configuring FTP ..................................................................................................... 695
43.10 SNMP ........................................................................................................................... 696
43.10.1 Supported MIBs ................................................................................................... 697
43.10.2 SNMP Traps ......................................................................................................... 697
43.10.3 Configuring SNMP ............................................................................................... 698
43.11 Dial-in Management ...................................................................................................... 699
43.11.1 Configuring Dial-in Mgmt ...................................................................................... 699
43.12 Vantage CNM ...............................................................................................................700
43.12.1 Configuring Vantage CNM ...................................................................................700
43.13 Language Screen .........................................................................................................702
Part X: Maintenance, Troubleshooting, & Specifications................. 703
Chapter 44
File Manager.........................................................................................................................705
44.1 Overview .......................................................................................................................... 705
44.1.1 What You Can Do in the File Manager Screens ..................................................... 705
44.1.2 What you Need to Know About the File Manager .................................................. 705
44.2 The Configuration File Screen ........................................................................................ 707
44.3 The Firmware Package Screen ...................................................................................... 710
44.4 The Shell Script Screen .................................................................................................. 712
Chapter 45
Logs ......................................................................................................................................715
45.1 Overview .......................................................................................................................... 715
45.2 What You Can Do In The Log Screens ............................................................................ 715
45.3 View Log Screen ............................................................................................................. 715
45.4 Log Setting Screens .......................................................................................................717
45.4.1 Log Setting Summary .............................................................................................718
45.4.2 Edit System Log Settings ...................................................................................... 719
45.4.3 Edit Remote Server Log Settings .......................................................................... 722
45.4.4 Active Log Summary Screen .................................................................................. 724
Chapter 46
Reports .................................................................................................................................727
46.1 Overview .......................................................................................................................... 727
46.1.1 What You Can Do in the Report Screens ............................................................... 727
46.2 The Traffic Statistics Screen ............................................................................................ 727
46.3 The Session Screen .......................................................................................................730
46.4 The Anti-Virus Report Screen .......................................................................................... 732
46.5 The IDP Report Screen ................................................................................................... 733
46.6 The Anti-Spam Report Screen .........................................................................................735
46.7 The Email Daily Report Screen ....................................................................................... 737
Chapter 47
Diagnostics...........................................................................................................................741
47.1 The Diagnostics Screen ..................................................................................................741
Chapter 48
Reboot....................................................................................................................................743
48.1 Overview .......................................................................................................................... 743
48.1.1 What You Need To Know About Reboot ................................................................ 743
48.2 The Reboot Screen .........................................................................................................743
Chapter 49
Troubleshooting....................................................................................................................745
49.1 Resetting the ZyWALL ..................................................................................................... 748
49.2 Getting More Troubleshooting Help ................................................................................. 748
Chapter 50
Product Specifications.........................................................................................................749
50.1 General Specifications ..................................................................................................... 749
50.2 3G or WLAN PCMCIA Card Installation .......................................................................... 754
50.3 Power Adaptor Specifications .......................................................................................... 754
Part XI: Appendices and Index ........................................................... 757
Appendix A Log Descriptions ...............................................................................................759
Appendix B Common Services.............................................................................................815
Appendix C Displaying Anti-Virus Alert Messages in Windows............................................819
Appendix D Importing Certificates........................................................................................825
Appendix E Wireless LANs ..................................................................................................831
Appendix F Open Software Announcements .......................................................................845
Appendix G Legal Information..............................................................................................873
Appendix H Customer Support.............................................................................................877
Index.......................................................................................................................................883

List of Figures

Figure 1 ZyWALL USG 200 Front Panel ................................................................................................53
Figure 2 ZyWALL USG 100 Front Panel ................................................................................................54
Figure 3 Managing the ZyWALL: Web Configurator ............................................................................... 55
Figure 4 Applications: VPN Connectivity ................................................................................................ 61
Figure 5 Network Access Mode: Reverse Proxy ...................................................................................61
Figure 6 Network Access Mode: Full Tunnel Mode ............................................................................... 62
Figure 7 Applications: User-Aware Access Control ................................................................................ 62
Figure 8 Applications: Multiple WAN Interfaces ................................................................................... 63
Figure 9 Applications: Device HA ........................................................................................................... 63
Figure 10 Login Screen ........................................................................................................................ 66
Figure 11 Update Admin Info Screen ..................................................................................................... 66
Figure 12 Main Screen .......................................................................................................................... 67
Figure 13 Message Bar .......................................................................................................................... 72
Figure 14 Warning Messages ................................................................................................................ 73
Figure 15 CLI Messages ........................................................................................................................ 73
Figure 16 Wizard Setup Welcome ......................................................................................................76
Figure 17 Internet Access: Step 1 ......................................................................................................... 76
Figure 18 Ethernet Encapsulation: Auto: Finish ..................................................................................... 78
Figure 19 Ethernet Encapsulation: Static .............................................................................................. 79
Figure 20 Ethernet Encapsulation: Static: Finish .................................................................................80
Figure 21 PPPoE Encapsulation: Auto ................................................................................................... 81
Figure 22 PPPoE Encapsulation: Auto: Finish ....................................................................................... 82
Figure 23 PPPoE Encapsulation: Static .................................................................................................83
Figure 24 PPPoE Encapsulation: Static: Finish ...................................................................................... 85
Figure 25 PPTP Encapsulation: Auto ..................................................................................................... 86
Figure 26 PPTP Encapsulation: Auto: Finish .......................................................................................... 87
Figure 27 PPTP Encapsulation: Static .................................................................................................... 88
Figure 28 PPTP Encapsulation: Static: Finish ....................................................................................... 90
Figure 29 Registration ............................................................................................................................ 91
Figure 30 Registration: Registered Device ............................................................................................. 92
Figure 31 Internet Access: Step 1: First WAN Interface ......................................................................... 93
Figure 32 Internet Access: Step 3: Second WAN Interface .................................................................... 93
Figure 33 Internet Access: Finish .......................................................................................................... 94
Figure 34 VPN Wizard: Wizard Type ...................................................................................................... 95
Figure 35 VPN Express Wizard: Step 2 ................................................................................................. 96
Figure 36 VPN Express Wizard: Step 3 .................................................................................................. 97
Figure 37 VPN Express Wizard: Step 4 ................................................................................................. 98
Figure 38 VPN Express Wizard: Step 6 ................................................................................................. 99
Figure 39 VPN Advanced Wizard: Step 2 ............................................................................................ 100
Figure 40 VPN Advanced Wizard: Step 3 ............................................................................................. 101
Figure 41 VPN Advanced Wizard: Step 4 ............................................................................................ 103
Figure 42 VPN Advanced Wizard: Step 5 ............................................................................................. 105
Figure 43 VPN Wizard: Step 6: Advanced ............................................................................................107
Figure 44 Zones, Interfaces, and Physical Ethernet Ports ..................................................................110
Figure 45 Default Network Topology .....................................................................................................111
Figure 46 Port Role and Ethernet Interface Configuration Example .................................................... 125
Figure 47 Network > Interface > Ethernet > Edit wan1 ........................................................................ 126
Figure 48 Network > Interface > Ethernet > Edit opt ...........................................................................127
Figure 49 Network > Interface > Ethernet > Edit opt > More Settings ................................................. 128
Figure 50 Network > Interface > Port Roles (Configured) ..................................................................... 128
Figure 51 Network > Interface > Cellular ............................................................................................. 129
Figure 52 Network > Interface > Cellular > Edit ...................................................................................130
Figure 53 Status .................................................................................................................................. 131
Figure 54 Object > User/Group > User > Add ...................................................................................... 132
Figure 55 Network > Interface > WLAN > Add (WPA/WPA2 Security) ................................................ 133
Figure 56 Network > Interface > WLAN ............................................................................................... 133
Figure 57 ZyXEL Wireless Client .......................................................................................................... 134
Figure 58 ZyXEL Wireless Client > Profile ........................................................................................... 135
Figure 59 ZyXEL Wireless Client > Profile: Security Type .................................................................... 135
Figure 60 ZyXEL Wireless Client > Profile: Security Settings .............................................................. 136
Figure 61 ZyXEL Wireless Client > Profile: Save ................................................................................. 136
Figure 62 ZyXEL Wireless Client > Profile: Activate .............................................................................136
Figure 63 ZyXEL Wireless Client > Profile: Activate .............................................................................137
Figure 64 Odyssey Access Client Manager > Profiles ......................................................................... 137
Figure 65 Odyssey Access Client Manager > Profiles > User Info ......................................................138
Figure 66 Odyssey Access Client Manager > Profiles > Authentication ............................................. 138
Figure 67 Odyssey Access Client Manager > Profiles > Authentication ............................................. 139
Figure 68 Odyssey Access Client Manager > Networks ..................................................................... 139
Figure 69 Odyssey Access Client Manager > Networks > Add ........................................................... 140
Figure 70 Internet Explorer: Tools > Internet Options > Content ......................................................... 140
Figure 71 Internet Explorer: Tools > Internet Options > Content > Certificates .................................... 141
Figure 72 Internet Explorer Certificate Import Wizard File Open Screen ............................................. 141
Figure 73 Internet Explorer Certificate Import Wizard Certificate Store Screen ...................................142
Figure 74 Internet Explorer Certificate Import Wizard Security Warning Screen ..................................142
Figure 75 Internet Explorer: Trusted Root Certification Authorities ...................................................... 143
Figure 76 Object > Certificate > My Certificates ................................................................................ 143
Figure 77 Funk Odyssey Access Wireless Client Login Example ........................................................ 144
Figure 78 VPN Example ...................................................................................................................... 144
Figure 79 VPN > IPSec VPN > VPN Gateway > Add ........................................................................... 145
Figure 80 Object > Address > Address > Add ......................................................................................145
Figure 81 VPN > IPSec VPN > VPN Connection > Add ....................................................................... 146
Figure 82 Network > Routing > Policy Route ....................................................................................... 146
Figure 83 Network > Routing > Policy Route > Add .............................................................................147
Figure 84 Object > User/Group > User > Add ...................................................................................... 148
Figure 85 Object > User/Group > Group > Add ....................................................................................149
Figure 86 Object > AAA Server > RADIUS > Default ........................................................................... 149
Figure 87 Object > Auth. method > Add ............................................................................................... 150
Figure 88 System > WWW (Authentication) ......................................................................................... 150
Figure 89 Object > User/Group > Setting > Add (Force User Authentication Policy) ........................... 150
Figure 90 AppPatrol > General ............................................................................................................ 151
Figure 91 AppPatrol > Common .......................................................................................................... 151
Figure 92 AppPatrol > Common > http ................................................................................................. 151
Figure 93 AppPatrol > Common > http > Edit Default .......................................................................... 152
Figure 94 AppPatrol > Common > http > Edit Default .......................................................................... 152
Figure 95 Object > Schedule > Add (Recurring) ..................................................................................153
Figure 96 Firewall > LAN1 to DMZ > Edit ............................................................................................ 153
Figure 97 Firewall > LAN1 to DMZ > Edit ............................................................................................ 154
Figure 98 Firewall > Add ....................................................................................................................... 154
Figure 99 Trunk Example ..................................................................................................................... 154
Figure 100 Network > Interface > Ethernet > Edit (wan1) .................................................................... 155
Figure 101 Network > Interface > Trunk > WAN_TRUNK > Edit ..........................................................156
Figure 102 System > WWW ................................................................................................................. 157
Figure 103 System > WWW > Service Control Rule Edit ................................................................... 157
Figure 104 System > WWW (First Example Admin Service Rule Configured) ..................................... 158
Figure 105 System > WWW > Service Control Rule Edit ................................................................... 158
Figure 106 System > WWW (Second Example Admin Service Rule Configured) ............................... 159
Figure 107 WAN to LAN1 H.323 Peer-to-peer Calls Example ............................................................. 159
Figure 108 Network > ALG .................................................................................................................. 160
Figure 109 Create Address Objects .....................................................................................................160
Figure 110 Network > Virtual Server > Add ..........................................................................................161
Figure 111 Firewall: WAN to LAN 1 ......................................................................................................161
Figure 112 Firewall > Add .................................................................................................................... 162
Figure 113 Object > Address > Add .....................................................................................................162
Figure 114 Firewall > WAN to LAN > Add ............................................................................................162
Figure 115 Device HA: Master Fails and Backup Takes Over ............................................................. 163
Figure 116 Device HA: Management IP Addresses ............................................................................ 163
Figure 117 Device HA > Active-Passive Mode > Edit: Master ZyWALL Example ................................ 164
Figure 118 Device HA > Active-Passive Mode: Master ZyWALL Example .......................................... 164
Figure 119 Device HA > General: Master ZyWALL Example ............................................................... 165
Figure 120 Device HA > Active-Passive Mode > Edit: Backup ZyWALL Example ............................... 165
Figure 121 Device HA > Active-Passive Mode: Backup ZyWALL Example ........................................ 166
Figure 122 Device HA > General: Master ZyWALL Example ............................................................... 166
Figure 123 Public Server Example Network Topology ......................................................................... 167
Figure 124 Creating the Address Object for the HTTP Server’s Private IP Address ............................ 167
Figure 125 Creating the Address Object for the wan2 Public IP Address ............................................ 168
Figure 126 Creating the Virtual Server ................................................................................................. 168
Figure 127 Status ................................................................................................................................ 172
Figure 128 Status > CPU Usage .......................................................................................................... 176
Figure 129 Status > Memory Usage ..................................................................................................... 177
Figure 130 Status > Session Usage .....................................................................................................178
Figure 131 Status > VPN Status ........................................................................................................... 179
Figure 132 Status > DHCP Table .......................................................................................................... 179
Figure 133 Status > Port Statistics ...................................................................................................... 180
Figure 134 Status > Port Statistics > Switch to Graphic View ............................................................. 182
Figure 135 Status > Current Users ....................................................................................................... 183
Figure 136 Status > Cellular Detail ..................................................................................................... 183
Figure 137 Licensing > Registration .....................................................................................................187
Figure 138 Licensing > Registration: Registered Device ...................................................................... 188
Figure 139 Licensing > Registration > Service ..................................................................................... 189
Figure 140 Licensing > Update > Anti-Virus ......................................................................................... 192
Figure 141 Licensing > Update > IDP/AppPatrol .................................................................................193
Figure 142 Downloading IDP Signatures .............................................................................................194
Figure 143 Successful IDP Signature Download ..................................................................................194
Figure 144 Licensing > Update > System Protect ............................................................................... 195
Figure 145 Downloading System Protect Signatures ........................................................................... 196
Figure 146 Successful System Protect Signature Download ............................................................... 196
Figure 147 Network > Interface > Status .............................................................................................203
Figure 148 Network > Interface > Port Role ........................................................................................ 205
Figure 149 Network > Interface > Ethernet ..........................................................................................207
Figure 150 Network > Interface > Ethernet > Edit (Opt) ......................................................................209
Figure 151 Network > Interface > Ethernet > Edit > Edit static DHCP table ......................................... 214
Figure 152 Interface Wizard: OPT Interface First Screen ................................................................... 215
Figure 153 Interface Wizard: WAN Type .............................................................................................215
Figure 154 Interface Wizard: Non-WAN OPT Interface Setup ............................................................ 216
Figure 155 Interface Wizard: WAN Interface Zone and IP Address Setup ........................................... 217
Figure 156 Interface Wizard: WAN ISP Connection Settings (PPTP, Static IP Shown) .......................217
Figure 157 Interface Wizard: Summary (Non-WAN) ............................................................................ 219
Figure 158 Interface Wizard: Summary WAN (PPTP Shown) ............................................................. 220
Figure 159 Example: PPPoE/PPTP Interfaces ..................................................................................... 221
Figure 160 Network > Interface > PPP .................................................................................................221
Figure 161 Network > Interface > PPP > Edit > Configuration ............................................................. 223
Figure 162 Network > Interface > Cellular .........................................................................................227
Figure 163 Interface > Cellular > Add ................................................................................................ 228
Figure 164 Interface > Cellular > Status ............................................................................................ 231
Figure 165 Example of a Wireless Network .........................................................................................233
Figure 166 Network > Interface > WLAN .............................................................................................. 234
Figure 167 Network > Interface > WLAN > Add (No Security) ............................................................ 237
Figure 168 Network > Interface > Ethernet > Edit > Edit static DHCP table ......................................... 240
Figure 169 Network > Interface > WLAN > Add (WEP Security) ......................................................... 242
Figure 170 Network > Interface > WLAN > Add (WPA-PSK/WPA2-PSK Security) .............................242
Figure 171 Network > Interface > WLAN > Add (WPA/WPA2 Security) .............................................. 243
Figure 172 Network > Interface > WLAN > MAC Filter .........................................................................245
Figure 173 Network > Interface > WLAN > MAC Filter > Add .............................................................. 246
Figure 174 Network > Interface > WLAN > Station Monitor .................................................................. 246
Figure 175 Example: Before VLAN ......................................................................................................247
Figure 176 Example: After VLAN .........................................................................................................248
Figure 177 Network > Interface > VLAN ............................................................................................... 249
Figure 178 Network > Interface > VLAN > Edit .................................................................................... 251
Figure 179 Network > Interface > Ethernet > Edit > Edit static DHCP table ......................................... 254
Figure 180 Bridge Example .................................................................................................................. 255
Figure 181 Network > Interface > Bridge .............................................................................................. 256
Figure 182 Network > Interface > Bridge > Add .................................................................................. 258
Figure 183 Network > Interface > Edit > Edit static DHCP table .......................................................... 261
Figure 184 Network > Interface > Auxiliary ..........................................................................................262
Figure 185 Network > Interface > Bridge > Add ................................................................................... 264
Figure 186 Example: Entry in the Routing Table Derived from Interfaces ............................................ 265
Figure 187 Link Sticking .......................................................................................................................270
Figure 188 Least Load First Example ...................................................................................................271
Figure 189 Weighted Round Robin Algorithm Example ....................................................................... 272
Figure 190 Spillover Algorithm Example .............................................................................................. 272
Figure 191 Network > Interface > Trunk ..............................................................................................273
Figure 192 Network > Interface > Trunk > Edit .....................................................................................274
Figure 193 Example of Policy Routing Topology ..................................................................................277
Figure 194 Network > Routing > Policy Route ..................................................................................... 279
Figure 195 Network > Routing > Policy Route > Edit ........................................................................... 281
Figure 196 Network > Routing > Static Route ...................................................................................... 284
Figure 197 Network > Routing > Static Route > Edit ............................................................................ 284
Figure 198 Trigger Port Forwarding Example ....................................................................................... 286
Figure 199 Network > Routing > RIP .................................................................................................... 288
Figure 200 OSPF: Types of Areas ........................................................................................................290
Figure 201 OSPF: Types of Routers ....................................................................................................291
Figure 202 OSPF: Virtual Link ..............................................................................................................292
Figure 203 Network > Routing > OSPF ................................................................................................292
Figure 204 Network > Routing > OSPF > Edit ......................................................................................294
Figure 205 Example: Zones ................................................................................................................. 299
Figure 206 Network > Zone .............................................................................................................. 301
Figure 207 Network > Zone > Edit ..................................................................................................... 301
Figure 208 Network > DDNS ................................................................................................................ 304
Figure 209 Network > DDNS > Add .....................................................................................................305
Figure 210 Network > DDNS > Status ................................................................................................ 308
Figure 211 Multiple Servers Behind NAT Example ............................................................................... 309
Figure 212 Network > Virtual Server .................................................................................................... 310
Figure 213 Network > Virtual Server > Edit ...........................................................................................311
Figure 214 NAT 1:1 Example Network Topology .................................................................................. 313
Figure 215 Create Address Objects .....................................................................................................314
Figure 216 Address Objects ................................................................................................................. 314
Figure 217 NAT 1:1 Example Virtual Server .........................................................................................315
Figure 218 Create a Virtual Server .......................................................................................................315
Figure 219 NAT 1:1 Example Policy Route .......................................................................................... 316
Figure 220 Create a Policy Route ........................................................................................................ 316
Figure 221 Create a Firewall Rule ....................................................................................................... 317
Figure 222 LAN1 Computer Queries the DNS Server .......................................................................... 317
Figure 223 NAT Loopback Virtual Server .............................................................................................318
Figure 224 Create a Virtual Server .......................................................................................................318
Figure 225 Triangle Route ...................................................................................................................319
Figure 226 NAT Loopback Policy Route .............................................................................................319
Figure 227 Create a Policy Route ........................................................................................................ 320
Figure 228 NAT Loopback Successful ............................................................................................... 320
Figure 229 HTTP Redirect Example ..................................................................................................... 321
Figure 230 Network > HTTP Redirect .................................................................................................. 323
Figure 231 Network > HTTP Redirect > Edit ........................................................................................ 323
Figure 232 SIP ALG Example ............................................................................................................. 325
Figure 233 H.323 ALG Example ..........................................................................................................326
Figure 234 VoIP Calls from the WAN with Multiple Outgoing Calls ...................................................... 327
Figure 235 VoIP with Multiple WAN IP Addresses ............................................................................... 328
Figure 236 Network > ALG .................................................................................................................. 329
Figure 237 Default Firewall Action ....................................................................................................... 335
Figure 238 Blocking All LAN to WAN IRC Traffic Example ..................................................................338
Figure 239 Limited LAN to WAN IRC Traffic Example .......................................................................... 339
Figure 240 Firewall Example: Select the Traveling Direction of Traffic ............................................. 341
Figure 241 Firewall Example: Edit a Firewall Rule 1 ............................................................................341
Figure 242 Firewall Example: Create an Address Object .....................................................................341
Figure 243 Firewall Example: Create a Service Object ........................................................................ 342
Figure 244 Firewall Example: Edit a Firewall Rule ............................................................................... 342
Figure 245 Firewall Example: MyService Example Rule in Summary ..................................................342
Figure 246 Using Virtual Interfaces to Avoid Asymmetrical Routes ..................................................... 343
Figure 247 Firewall ............................................................................................................................... 344
Figure 248 Firewall > Edit ..................................................................................................................... 346
Figure 249 IPSec VPN Example .......................................................................................................... 351
Figure 250 VPN: IKE SA and IPSec SA .............................................................................................. 352
Figure 251 VPN > IPSec VPN > VPN Connection ...............................................................................353
Figure 252 VPN > IPSec VPN > VPN Connection > Edit (IKE) ........................................................... 356
Figure 253 VPN > IPSec VPN > VPN Connection > Manual Key > Edit ............................................. 361
Page 35
Figure 254 VPN > IPSec VPN > VPN Gateway ...................................................................................363
Figure 255 VPN > IPSec VPN > VPN Gateway > Edit .........................................................................365
Figure 256 VPN Topologies (Fully Meshed and Hub and Spoke) ........................................................ 369
Figure 257 VPN > IPSec VPN > Concentrator ..................................................................................... 370
Figure 258 VPN > IPSec VPN > Concentrator > Edit ........................................................................... 370
Figure 259 Network > IPSec VPN > Concentrator > Edit > Member ....................................................371
Figure 260 VPN > IPSec VPN > SA Monitor ........................................................................................372
Figure 261 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal ....................................... 373
Figure 262 IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange .................................... 374
Figure 263 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication ........................................... 375
Figure 264 VPN/NAT Example .............................................................................................................377
Figure 265 VPN: Transport and Tunnel Mode Encapsulation .............................................................. 380
Figure 266 VPN Example: NAT for Inbound and Outbound Traffic ...................................................... 382
Figure 267 Network Access Mode: Reverse Proxy ............................................................................. 385
Figure 268 Network Access Mode: Full Tunnel Mode ......................................................................... 386
Figure 269 VPN > SSL VPN > Access Privilege ................................................................................. 387
Figure 270 VPN > SSL VPN > Access Privilege > Add/Edit ................................................................388
Figure 271 VPN > SSL VPN > Connection Monitor ............................................................................ 390
Figure 272 VPN > SSL VPN > Global Setting .....................................................................................391
Figure 273 Example Logo Graphic Display ......................................................................................... 392
Figure 274 SSL VPN Client Portal Screen Example ........................................................................... 393
Figure 275 Network Example ..............................................................................................................395
Figure 276 Enter the Address in a Web Browser ...............................................................................396
Figure 277 Login Security Screen .....................................................................................................397
Figure 278 Login Screen ....................................................................................................................397
Figure 279 Java Needed Message ..................................................................................................... 397
Figure 280 SecuExtender Progress .................................................................................................. 398
Figure 281 Remote User Screen .......................................................................................................... 398
Figure 282 Add Favorite ...................................................................................................................... 399
Figure 283 Logout: Prompt ..................................................................................................................399
Figure 284 Logout: Connection Termination Progress ........................................................................400
Figure 285 Application .........................................................................................................................401
Figure 286 File Sharing .......................................................................................................................404
Figure 287 File Sharing: Enter Access User Name and Password ....................................................404
Figure 288 File Sharing: Open a Word File ......................................................................................... 405
Figure 289 File Sharing: Save a Word File ......................................................................................... 406
Figure 290 File Sharing: Save a Word File ......................................................................................... 406
Figure 291 File Sharing: Rename ........................................................................................................ 407
Figure 292 File Sharing: Rename ........................................................................................................ 407
Figure 293 File Sharing: Delete Prompt ..............................................................................................407
Figure 294 File Sharing: File Upload ................................................................................................... 408
Figure 295 L2TP VPN Overview ..........................................................................................................409
Figure 296 Policy Route for L2TP VPN ............................................................................................... 410
Page 36
Figure 297 VPN > L2TP VPN ................................................................................................................411
Figure 298 VPN > L2TP VPN > Session Monitor ................................................................................. 412
Figure 299 L2TP VPN Example ........................................................................................................... 415
Figure 300 VPN > IPSec VPN > VPN Gateway > Edit ......................................................................... 416
Figure 301 VPN > IPSec VPN > VPN Gateway (Enable) ....................................................................416
Figure 302 VPN > IPSec VPN > VPN Connection > Edit ..................................................................... 417
Figure 303 VPN > IPSec VPN > VPN Connection (Enable) ................................................................417
Figure 304 VPN > L2TP VPN Example ................................................................................................418
Figure 305 Routing > Add: L2TP VPN Example ................................................................................... 419
Figure 306 New Connection Wizard: Network Connection Type ......................................................... 420
Figure 307 New Connection Wizard: Network Connection .................................................................. 420
Figure 308 New Connection Wizard: Connection Name ...................................................................... 421
Figure 309 New Connection Wizard: Public Network ........................................................................... 421
Figure 310 New Connection Wizard: VPN Server Selection ................................................................422
Figure 311 Connect L2TP to ZyWALL .................................................................................................. 422
Figure 312 Connect L2TP to ZyWALL: Security ................................................................................... 423
Figure 313 Connect ZyWALL L2TP: Security > Advanced .................................................................... 423
Figure 314 L2TP to ZyWALL Properties > Security .............................................................................. 424
Figure 315 L2TP to ZyWALL Properties > Security > IPSec Settings ................................................. 424
Figure 316 L2TP to ZyWALL Properties: Networking ...........................................................................424
Figure 317 Connect L2TP to ZyWALL .................................................................................................. 425
Figure 318 ZyWALL-L2TP System Tray Icon ....................................................................................... 425
Figure 319 ZyWALL-L2TP Status: Details ............................................................................................ 425
Figure 320 Starting the Registry Editor ................................................................................................. 426
Figure 321 Registry Key ....................................................................................................................... 426
Figure 322 New DWORD Value ........................................................................................................... 426
Figure 323 ProhibitIpSec DWORD Value ............................................................................................. 427
Figure 324 Run mmc ............................................................................................................................ 427
Figure 325 Console > Add/Remove Snap-in ........................................................................................427
Figure 326 Add > IP Security Policy Management > Finish ................................................................. 428
Figure 327 Create IP Security Policy .................................................................................................... 428
Figure 328 IP Security Policy: Name .................................................................................................... 429
Figure 329 IP Security Policy: Request for Secure Communication .................................................... 429
Figure 330 IP Security Policy: Completing the IP Security Policy Wizard ............................................ 429
Figure 331 IP Security Policy Properties > Add ....................................................................................430
Figure 332 IP Security Policy Properties: Tunnel Endpoint .................................................................. 430
Figure 333 IP Security Policy Properties: Network Type ......................................................................431
Figure 334 IP Security Policy Properties: Authentication Method ........................................................ 431
Figure 335 IP Security Policy Properties: IP Filter List ........................................................................ 432
Figure 336 IP Security Policy Properties: IP Filter List > Add .............................................................. 432
Figure 337 Filter Properties: Addressing ..............................................................................................433
Figure 338 Filter Properties: Protocol .................................................................................................. 433
Figure 339 IP Security Policy Properties: IP Filter List ........................................................................ 434
Page 37
Figure 340 IP Security Policy Properties: IP Filter List ........................................................................ 434
Figure 341 Console: L2TP to ZyWALL Assign ..................................................................................... 434
Figure 342 Start New Connection Wizard ............................................................................................ 435
Figure 343 New Connection Wizard: Network Connection Type ......................................................... 435
Figure 344 New Connection Wizard: Destination Address ................................................................... 436
Figure 345 New Connection Wizard: Connection Availability ............................................................... 436
Figure 346 New Connection Wizard: Naming the Connection ............................................................. 436
Figure 347 Connect L2TP to ZyWALL .................................................................................................. 437
Figure 348 Connect L2TP to ZyWALL: Security ................................................................................... 437
Figure 349 Connect L2TP to ZyWALL: Security > Advanced ............................................................... 438
Figure 350 Connect L2TP to ZyWALL: Networking .............................................................................. 438
Figure 351 Connect L2TP to ZyWALL .................................................................................................. 439
Figure 352 ZyWALL-L2TP System Tray Icon ....................................................................................... 439
Figure 353 L2TP to ZyWALL Status: Details .......................................................................................439
Figure 354 LAN1 to WAN Connection and Packet Directions .............................................................. 445
Figure 355 LAN1 to WAN, Outbound 200 kbps, Inbound 500 kbps .................................................... 446
Figure 356 Bandwidth Management Behavior ..................................................................................... 447
Figure 357 Application Patrol Bandwidth Management Example ........................................................ 449
Figure 358 SIP Any to WAN Bandwidth Management Example .......................................................... 450
Figure 359 HTTP Any to WAN Bandwidth Management Example ....................................................... 450
Figure 360 FTP WAN to DMZ Bandwidth Management Example ........................................................ 451
Figure 361 FTP LAN to DMZ Bandwidth Management Example ......................................................... 451
Figure 362 AppPatrol > General ........................................................................................................... 452
Figure 363 AppPatrol > Common .........................................................................................................453
Figure 364 Application Edit ................................................................................................................... 454
Figure 365 Application Policy Edit ........................................................................................................ 456
Figure 366 AppPatrol > Other ............................................................................................................... 459
Figure 367 AppPatrol > Other > Edit ....................................................................................................461
Figure 368 AppPatrol > Statistics: General Setup ................................................................................ 463
Figure 369 AppPatrol > Statistics: Bandwidth Statistics ....................................................................... 463
Figure 370 AppPatrol > Statistics: Protocol Statistics ........................................................................... 464
Figure 371 ZyWALL Anti-Virus Example ........................................................................................... 469
Figure 372 Anti-X > Anti-Virus > General ............................................................................................ 472
Figure 373 Anti-X > Anti-Virus > General > Add ..................................................................................474
Figure 374 Anti-X > Anti-Virus > Black/White List > Black List ............................................................. 476
Figure 375 Anti-X > Anti-Virus > Black/White List > Black List (or White List) > Add ......................... 477
Figure 376 Anti-X > Anti-Virus > Black/White List > White List ........................................................... 478
Figure 377 Anti-X > Anti-Virus > Signature: Search by Severity .......................................................... 479
Figure 378 Anti-X > IDP > General ....................................................................................................... 485
Figure 379 Anti-X > IDP > General > Add ............................................................................................ 487
Figure 380 Base Profiles ......................................................................................................................488
Figure 381 Anti-X > IDP > Profile .........................................................................................................489
Figure 382 Anti-X > IDP > Profile > Edit : Group View ........................................................................ 491
Page 38
Figure 383 Anti-X > IDP > Profile > Edit > IDP Service Group ............................................................. 495
Figure 384 Anti-X > IDP > Profile: Query View .....................................................................................496
Figure 385 Query Example Search Criteria .......................................................................................... 497
Figure 386 Query Example Search Results .........................................................................................498
Figure 387 IP v4 Packet Headers ......................................................................................................... 499
Figure 388 Anti-X > IDP > Custom Signatures ..................................................................................... 500
Figure 389 Anti-X > IDP > Custom Signatures > Add/Edit ................................................................... 502
Figure 390 Custom Signature Example Pattern 1 ...............................................................................506
Figure 391 Custom Signature Example Pattern 2 ...............................................................................506
Figure 392 Custom Signature Example Patterns 3 and 4 .................................................................... 506
Figure 393 Example Custom Signature ................................................................................................507
Figure 394 Example: Custom Signature in IDP Profile .........................................................................508
Figure 395 Custom Signature Log ........................................................................................................509
Figure 396 Anti-X > ADP > General .....................................................................................................514
Figure 397 Anti-X > ADP > General > Add ........................................................................................... 515
Figure 398 Base Profiles ......................................................................................................................516
Figure 399 Anti-X > ADP > Profile ........................................................................................................517
Figure 400 Profiles: Traffic Anomaly ..................................................................................................... 519
Figure 401 Profiles: Protocol Anomaly .................................................................................................522
Figure 402 Smurf Attack ......................................................................................................................525
Figure 403 TCP Three-Way Handshake ..............................................................................................526
Figure 404 SYN Flood .......................................................................................................................... 526
Figure 405 Anti-X > Content Filter > General ...................................................................................... 533
Figure 406 Anti-X > Content Filter > General > Add ............................................................................535
Figure 407 Anti-X > Content Filter > Filter Profile ................................................................................ 536
Figure 408 Anti-X > Content Filter > Filter Profile > Add .....................................................................537
Figure 409 Anti-X > Content Filter > Filter Profile > Customization ..................................................... 544
Figure 410 Anti-X > Content Filter > Cache ........................................................................................ 547
Figure 411 Content Filter Lookup Procedure ........................................................................................ 548
Figure 412 myZyXEL.com: Login .........................................................................................................551
Figure 413 myZyXEL.com: Welcome ................................................................................................... 552
Figure 414 myZyXEL.com: Service Management ................................................................................ 552
Figure 415 Blue Coat: Login ................................................................................................................. 553
Figure 416 Blue Coat Content Filter Reports Main Screen .................................................................. 553
Figure 417 Blue Coat: Report Home ....................................................................................................554
Figure 418 Global Report Screen Example .......................................................................................... 555
Figure 419 Requested URLs Example ................................................................................................. 556
Figure 420 Web Page Review Process Screen ................................................................................... 557
Figure 421 DNSBL Example ................................................................................................................ 561
Figure 422 Anti-X > Anti-Spam > General ............................................................................................ 562
Figure 423 Anti-X > Anti-Spam > General > Add .................................................................................563
Figure 424 Anti-X > Anti-Spam > Black/White List > Black List ............................................................ 565
Figure 425 Anti-X > Anti-Spam > Black/White List > Black List (or White List) > Add ......................... 566
Page 39
Figure 426 Anti-X > Anti-Spam > Black/White List > White List ........................................................... 567
Figure 427 Anti-X > Anti-Spam > DNSBL ............................................................................................. 569
Figure 428 Anti-X > Anti-Spam > DNSBL > Add .................................................................................. 570
Figure 429 Anti-X > Anti-Spam > Status ...............................................................................................571
Figure 430 Device HA Backup Taking Over for the Master .................................................................. 575
Figure 431 Device HA > General ..........................................................................................................577
Figure 432 Virtual Router ....................................................................................................................578
Figure 433 Cluster IDs for Multiple Virtual Routers .............................................................................578
Figure 434 Management IP Addresses ................................................................................................ 579
Figure 435 Device HA > Active-Passive Mode .....................................................................................580
Figure 436 Device HA > Active-Passive Mode > Edit ..........................................................................582
Figure 437 Device HA > Legacy Mode ................................................................................................. 584
Figure 438 Device HA > Legacy Mode > Add ......................................................................................586
Figure 439 Example: VRRP, Normal Operation ...................................................................................588
Figure 440 Example: VRRP, Master Becomes Unavailable ................................................................. 588
Figure 441 Object > User/Group .......................................................................................................... 596
Figure 442 User/Group > User > Edit ...................................................................................................597
Figure 443 Object > User/Group > Group ............................................................................................598
Figure 444 User/Group > Group > Add ................................................................................................599
Figure 445 Object > User/Group > Setting ........................................................................................... 600
Figure 446 Object > User/Group > Setting > Add/Edit ......................................................................... 602
Figure 447 Web Configurator for Non-Admin Users .............................................................................603
Figure 448 LDAP Example: Keywords for User Attributes ................................................................... 604
Figure 449 RADIUS Example: Keywords for User Attributes ............................................................... 604
Figure 450 Object > Address > Address ..............................................................................................608
Figure 451 Object > Address > Address > Edit .................................................................................... 608
Figure 452 Object > Address > Address Group ................................................................................... 609
Figure 453 Object > Address > Address Group > Add .........................................................................610
Figure 454 Object > Service > Service .................................................................................................614
Figure 455 Object > Service > Service > Edit .......................................................................................615
Figure 456 Object > Service > Service Group ...................................................................................... 616
Figure 457 Object > Service > Service Group > Edit ............................................................................617
Figure 458 Object > Schedule .............................................................................................................. 620
Figure 459 Object > Schedule > Edit (One Time) .................................................................................621
Figure 460 Object > Schedule > Edit (Recurring) .................................................................................622
Figure 461 Example: Directory Service Client and Server .................................................................. 625
Figure 462 RADIUS Server Network Example ..................................................................................... 626
Figure 463 Basic Directory Structure ................................................................................................... 627
Figure 464 Object > AAA Server > Active Directory (or LDAP) > Default ........................................... 628
Figure 465 Object > AAA Server > Active Directory (or LDAP) > Group .............................................629
Figure 466 Object > AAA Server > Active Directory (or LDAP) > Group > Add .................................. 630
Figure 467 Object > AAA Server > RADIUS > Default ........................................................................ 631
Figure 468 Object > AAA Server > RADIUS > Group ......................................................................... 632
Page 40
Figure 469 Object > AAA Server > RADIUS > Group > Add ............................................................... 632
Figure 470 Example: Using Authentication Method in VPN ................................................................. 636
Figure 471 Object > Auth. Method .......................................................................................................636
Figure 472 Object > Auth. Method > Add ............................................................................................ 637
Figure 473 Remote Host Certificates ...................................................................................................641
Figure 474 Certificate Details .............................................................................................................. 642
Figure 475 Object > Certificate > My Certificates .............................................................................. 642
Figure 476 Object > Certificate > My Certificates > Add ...................................................................... 644
Figure 477 Object > Certificate > My Certificates > Edit ......................................................................647
Figure 478 Object > Certificate > My Certificates > Import ........................................................ 649
Figure 479 Object > Certificate > Trusted Certificates ......................................................................... 650
Figure 480 Object > Certificate > Trusted Certificates > Edit .............................................................. 652
Figure 481 Object > Certificate > Trusted Certificates > Import ........................................................... 655
Figure 482 Example: SSL Application: Specifying a Web Site for Access ..........................................658
Figure 483 Object > SSL Application ...................................................................................................658
Figure 484 Object > SSL Application > Add/Edit: Web Application ........................................................ 659
Figure 485 Object > SSL Application > Add/Edit: File Sharing ...........................................................660
Figure 486 System > Host Name ......................................................................................................... 666
Figure 487 System > Date and Time .................................................................................................... 667
Figure 488 Synchronization in Process ................................................................................................669
Figure 489 System > Console Speed ................................................................................................... 670
Figure 490 System > DNS .................................................................................................................... 671
Figure 491 System > DNS > Address/PTR Record Edit ...................................................................... 673
Figure 492 System > DNS > Domain Zone Forwarder Add ................................................................. 674
Figure 493 System > DNS > MX Record Add ......................................................................................675
Figure 494 System > DNS > Service Control Rule Add ....................................................................... 676
Figure 495 Secure and Insecure Service Access From the WAN ........................................................ 677
Figure 496 HTTP/HTTPS Implementation ............................................................................................678
Figure 497 System > WWW ................................................................................................................. 679
Figure 498 System > Service Control Rule Edit ........................................................ 681
Figure 499 Security Alert Dialog Box (Internet Explorer) ......................................................................682
Figure 500 Security Certificate 1 (Netscape) ........................................................................................683
Figure 501 Security Certificate 2 (Netscape) ........................................................................................683
Figure 502 Login Screen (Internet Explorer) ........................................................................................ 684
Figure 503 ZyWALL Trusted CA Screen .............................................................................................. 684
Figure 504 CA Certificate Example ......................................................................................................685
Figure 505 Personal Certificate Import Wizard 1 ........................................................ 686
Figure 506 Personal Certificate Import Wizard 2 ........................................................ 686
Figure 507 Personal Certificate Import Wizard 3 ........................................................ 687
Figure 508 Personal Certificate Import Wizard 4 ........................................................ 687
Figure 509 Personal Certificate Import Wizard 5 ........................................................ 688
Figure 510 Personal Certificate Import Wizard 6 ........................................................ 688
Figure 511 Access the ZyWALL Via HTTPS ........................................................................................688
Page 41
Figure 512 SSL Client Authentication ................................................................................................... 689
Figure 513 Secure Web Configurator Login Screen .............................................................................689
Figure 514 SSH Communication Over the WAN Example ........................................................ 690
Figure 515 How SSH v1 Works Example .............................................................................................690
Figure 516 System > SSH .................................................................................................................... 691
Figure 517 SSH Example 1: Store Host Key ........................................................................................ 692
Figure 518 SSH Example 2: Test ........................................................................................................693
Figure 519 SSH Example 2: Log in ......................................................................................................693
Figure 520 System > Telnet ..................................................................................................................694
Figure 521 System > FTP .....................................................................................................................695
Figure 522 SNMP Management Model ................................................................................................696
Figure 523 System > SNMP ................................................................................................................. 698
Figure 524 System > Dial-in Mgmt ..................................................................................................... 700
Figure 525 System > Vantage CNM ..................................................................................................... 701
Figure 526 System > Language ........................................................................................................... 702
Figure 527 Configuration File / Shell Script: Example ..........................................................................706
Figure 528 Maintenance > File Manager > Configuration File ............................................................708
Figure 529 Maintenance > File Manager > Configuration File > Copy ................................................. 709
Figure 530 Maintenance > File Manager > Configuration File > Rename ........................................... 709
Figure 531 Maintenance > File Manager > Firmware Package ...........................................................711
Figure 532 Firmware Upload In Process ...............................................................................................711
Figure 533 Network Temporarily Disconnected ....................................................................................712
Figure 534 Firmware Upload Error ....................................................................................................... 712
Figure 535 Maintenance > File Manager > Shell Script ...................................................................... 712
Figure 536 Maintenance > File Manager > Shell Script > Copy ........................................................... 713
Figure 537 Maintenance > File Manager > Shell Script > Rename ......................................................713
Figure 538 Maintenance > Log > View Log .......................................................................................... 716
Figure 539 Maintenance > Log > Log Setting ......................................................................................718
Figure 540 Maintenance > Log > Log Setting > Edit (System Log) ........................................................ 720
Figure 541 Maintenance > Log > Log Setting > Edit (Remote Server) ........................................................ 723
Figure 542 Active Log Summary ..........................................................................................................725
Figure 543 Maintenance > Report > Traffic Statistics ........................................................ 728
Figure 544 Maintenance > Report > Session ........................................................ 731
Figure 545 Maintenance > Report > Anti-Virus: Virus Name .............................................................. 732
Figure 546 Maintenance > Report > Anti-Virus: Source ...................................................................... 733
Figure 547 Maintenance > Report > Anti-Virus: Destination ............................................................... 733
Figure 548 Maintenance > Report > IDP: Signature Name ................................................................. 734
Figure 549 Maintenance > Report > IDP: Source ............................................................................... 735
Figure 550 Maintenance > Report > IDP: Destination ......................................................................... 735
Figure 551 Maintenance > Report > Anti-Spam: Sender IP ................................................................736
Figure 552 Maintenance > Report > Email Daily Report .....................................................................738
Figure 553 Maintenance > Diagnostics .............................................................................................. 741
Figure 554 Maintenance > Reboot ....................................................................................................... 743
Page 42
Figure 555 WLAN Card Installation ......................................................................................................754
Figure 556 Windows XP: Opening the Services Window ........................................................ 819
Figure 557 Windows XP: Starting the Messenger Service .................................................................. 820
Figure 558 Windows 2000: Opening the Services Window ................................................................. 820
Figure 559 Windows 2000: Starting the Messenger Service ............................................................... 821
Figure 560 Windows 98 SE: WinPopup ............................................................................................. 821
Figure 561 Windows 98 SE: Program Task Bar ........................................................ 821
Figure 562 Windows 98 SE: Task Bar Properties ........................................................ 822
Figure 563 Windows 98 SE: StartUp ..................................................................................................822
Figure 564 Windows 98 SE: Startup: Create Shortcut ......................................................................823
Figure 565 Windows 98 SE: Startup: Select a Title for the Program ........................................................ 823
Figure 566 Windows 98 SE: Startup: Shortcut ...................................................................................824
Figure 567 Security Certificate .............................................................................................................825
Figure 568 Login Screen ......................................................................................................................826
Figure 569 Certificate General Information before Import .................................................................... 826
Figure 570 Certificate Import Wizard 1 .................................................................................................827
Figure 571 Certificate Import Wizard 2 .................................................................................................827
Figure 572 Certificate Import Wizard 3 .................................................................................................828
Figure 573 Root Certificate Store ......................................................................................................... 828
Figure 574 Certificate General Information after Import ....................................................................... 829
Figure 575 Peer-to-Peer Communication in an Ad-hoc Network ......................................................... 831
Figure 576 Basic Service Set ...............................................................................................................832
Figure 577 Infrastructure WLAN ........................................................ 833
Figure 578 RTS/CTS ........................................................................................................................... 834
Figure 579 WPA(2) with RADIUS Application Example ....................................................................... 841
Figure 580 WPA(2)-PSK Authentication ...............................................................................................842
Page 43

List of Tables
Table 1 Front Panel LEDs ...................................................................................................................... 54
Table 2 Managing the ZyWALL: Console Port ....................................................................................... 55
Table 3 Starting and Stopping the ZyWALL ........................................................................................... 55
Table 4 Packet Flow Key ....................................................................................................................... 59
Table 5 Title Bar: Web Configurator Icons .............................................................................................68
Table 6 Navigation Panel Summary ......................................................................................................68
Table 7 Internet Access: Step 1 .............................................................................................................77
Table 8 Ethernet Encapsulation: Static ..................................................................................................79
Table 9 PPPoE Encapsulation: Auto ..................................................................................................... 81
Table 10 PPPoE Encapsulation: Static .................................................................................................. 83
Table 11 PPTP Encapsulation: Auto ......................................................................................................86
Table 12 PPTP Encapsulation: Static .................................................................................................... 88
Table 13 Registration ............................................................................................................................. 91
Table 14 VPN Wizard: Step 1: Wizard Type ..........................................................................................95
Table 15 VPN Express Wizard: Step 2 .................................................................................................. 96
Table 16 VPN Express Wizard: Step 3 .................................................................................................. 97
Table 17 VPN Express Wizard: Step 4 .................................................................................................. 98
Table 18 VPN Advanced Wizard: Step 2 ........................................................ 100
Table 19 VPN Advanced Wizard: Step 3 ........................................................ 102
Table 20 VPN Advanced Wizard: Step 4 ........................................................ 104
Table 21 VPN Advanced Wizard: Step 5 ........................................................ 105
Table 22 Zones, Interfaces, and Physical Ethernet Ports .....................................................................110
Table 23 ZyWALL USG 200 Default Port, Interface, and Zone Configuration ......................................111
Table 24 ZyWALL USG 100 Default Port, Interface, and Zone Configuration ......................................112
Table 25 ZyWALL Terminology That is Different Than ZyNOS .............................................................112
Table 26 ZyWALL Terminology That Might Be Different Than Other Products .....................................112
Table 27 NAT: Differences Between the ZyWALL and ZyNOS ........................................................ 113
Table 28 Bandwidth Management: Differences Between the ZyWALL and ZyNOS .............................113
Table 29 Objects Overview .................................................................................................................. 121
Table 30 User Types ........................................................ 121
Table 31 User-aware Access Control Example ...................................................................................148
Table 32 Status .................................................................................................................................... 172
Table 33 Status > CPU Usage ........................................................ 176
Table 34 Status > Memory Usage ........................................................................................................177
Table 35 Status > Session Usage ........................................................................................................ 178
Table 36 Status > VPN Status .............................................................................................................. 179
Table 37 Status > DHCP Table ............................................................................................................180
Table 38 Status > Port Statistics ..........................................................................................................181
Page 44
Table 39 Status > Port Statistics > Switch to Graphic View ................................................................. 182
Table 40 Status > Current Users ........................................................ 183
Table 41 Status > Cellular Detail ..........................................................................................................183
Table 42 Licensing > Registration ........................................................................................................ 187
Table 43 Licensing > Registration > Service .......................................................................................189
Table 44 Licensing > Update > IDP/AppPatrol ....................................................................................193
Table 45 Licensing > Update > System Protect ................................................................................... 195
Table 46 Ethernet, VLAN, Bridge, PPP, and Virtual Interfaces Characteristics ................................... 201
Table 47 Relationships Between Different Types of Interfaces ............................................................201
Table 48 Network > Interface > Status .................................................................................................203
Table 49 Network > Interface > Port Role ............................................................................................ 206
Table 50 Network > Interface > Ethernet ........................................................ 207
Table 51 Network > Interface > Ethernet > Edit ........................................................ 210
Table 52 Interface Wizard: OPT Interface First Screen ........................................................ 215
Table 53 Interface Wizard: WAN Type .................................................................................................215
Table 54 Interface Wizard: Non-WAN OPT Interface Setup ........................................................ 216
Table 55 Interface Wizard: WAN Interface Zone and IP Address Setup ............................................. 217
Table 56 Interface Wizard: WAN ISP Connection Settings ........................................................ 218
Table 57 Interface Wizard: Summary (Non-WAN) ...............................................................................219
Table 58 Interface Wizard: Summary WAN ......................................................................................... 220
Table 59 Network > Interface > PPP ................................................................................................... 221
Table 60 Network > Interface > PPP > Edit > Configuration ................................................................223
Table 61 2G, 2.5G, 2.75G, 3G and 3.5G Wireless Technologies ......................................................... 226
Table 62 Network > Interface > Cellular ..............................................................................................227
Table 63 Interface > Cellular > Add .....................................................................................................229
Table 64 Interface > Cellular > Status ..................................................................................................232
Table 65 Network > Interface > WLAN ................................................................................................ 234
Table 66 Wireless Security Levels .......................................................................................................235
Table 67 Network > Interface > WLAN > Add (No Security) ................................................................ 238
Table 68 Network > Interface > WLAN > Add (WEP Security) ............................................................ 242
Table 69 Network > Interface > WLAN > Add (WPA-PSK/WPA2-PSK Security) ................................. 243
Table 70 Network > Interface > WLAN > Add (WPA/WPA2 Security) ................................................. 244
Table 71 Network > Interface > WLAN > MAC Filter ........................................................................... 245
Table 72 Network > Interface > WLAN > MAC Filter ........................................................................... 246
Table 73 Network > Interface > WLAN > Station Monitor .................................................................... 246
Table 74 Network > Interface > VLAN .................................................................................................249
Table 75 Network > Interface > VLAN > Edit ....................................................................................... 251
Table 76 Example: Bridge Table After Computer A Sends a Packet to Computer B ........................... 255
Table 77 Example: Bridge Table After Computer B Responds to Computer A ........................................................ 255
Table 78 Example: Routing Table Before and After Bridge Interface br0 Is Created ...........................256
Table 79 Network > Interface > Bridge ................................................................................................ 256
Table 80 Network > Interface > Bridge > Add ...................................................................................... 259
Table 81 Network > Interface > Auxiliary ............................................................................................. 262
Page 45
Table 82 Network > Interface > Bridge > Add ...................................................................................... 264
Table 83 Example: Routing Table Entries for Interfaces ......................................................................265
Table 84 Example: Routing Table Entry for a Gateway ........................................................ 266
Table 85 Example: Assigning IP Addresses from a Pool .....................................................................267
Table 86 Least Load First Example ..................................................................................................... 271
Table 87 Network > Interface > Trunk ........................................................ 273
Table 88 Network > Interface > Trunk > Edit .......................................................................................274
Table 89 Network > Routing > Policy Route ........................................................................................ 280
Table 90 Network > Routing > Policy Route > Edit ..............................................................................281
Table 91 Network > Routing > Static Route ......................................................................................... 284
Table 92 Network > Routing > Static Route > Edit ............................................................................... 284
Table 93 RIP vs. OSPF ........................................................................................................................ 287
Table 94 Network > Routing Protocol > RIP ........................................................................................ 288
Table 95 OSPF: Redistribution from Other Sources to Each Type of Area .........................................291
Table 96 Network > Routing Protocol > OSPF ....................................................................................293
Table 97 Network > Routing > OSPF > Edit ........................................................................................294
Table 98 Network > Zone ..................................................................................................................... 301
Table 99 Network > Zone > Edit .......................................................................................................... 301
Table 100 Network > DDNS ................................................................................................................. 303
Table 101 Network > DDNS ................................................................................................................. 304
Table 102 Network > DDNS > Add ......................................................................................................306
Table 103 Network > DDNS > Status .................................................................................................. 308
Table 104 Network > Virtual Server ..................................................................................................... 310
Table 105 Network > Virtual Server > Edit ............................................................................................311
Table 106 Network > HTTP Redirect ................................................................................................... 323
Table 107 Network > HTTP Redirect > Edit ......................................................................................... 324
Table 108 Network > ALG .................................................................................................................... 329
Table 109 Default Firewall Behavior .................................................................................................... 336
Table 110 Blocking All LAN1 to WAN IRC Traffic Example ................................................................. 338
Table 111 Limited LAN to WAN IRC Traffic Example 1 ........................................................................ 339
Table 112 Limited LAN to WAN IRC Traffic Example 2 ....................................................................... 340
Table 113 Firewall ................................................................................................................................344
Table 114 Firewall > Edit ......................................................................................................................346
Table 115 VPN > IPSec VPN > VPN Connection ................................................................................354
Table 116 VPN > IPSec VPN > VPN Connection > Edit ......................................................................357
Table 117 VPN > IPSec VPN > VPN Connection > Manual Key > Edit ............................................... 361
Table 118 VPN > IPSec VPN > VPN Gateway ....................................................................................363
Table 119 VPN > IPSec VPN > VPN Gateway > Edit .......................................................................... 365
Table 120 VPN > IPSec VPN > Concentrator ......................................................................................370
Table 121 VPN > IPSec VPN > Concentrator > Edit ........................................................................... 370
Table 122 VPN > IPSec VPN > SA Monitor ......................................................................................... 372
Table 123 VPN Example: Matching ID Type and Content ................................................................... 376
Table 124 VPN Example: Mismatching ID Type and Content .............................................................376
Page 46
Table 125 Objects ................................................................................................................................ 386
Table 126 VPN > SSL VPN > Access Privilege ...................................................................................387
Table 127 VPN > SSL VPN > Access Privilege > Add/Edit ................................................................. 388
Table 128 VPN > SSL VPN > Connection Monitor .............................................................................. 390
Table 129 VPN > SSL VPN > Global Setting .......................................................................................391
Table 130 Remote User Screen Overview .......................................................................................... 399
Table 131 VPN > IPSec VPN > VPN Connection .................................................................................411
Table 132 VPN > L2TP VPN > Session Monitor .................................................................................. 412
Table 133 Configured Rate Effect ........................................................................................................ 447
Table 134 Priority Effect ....................................................................................................................... 447
Table 135 Maximize Bandwidth Usage Effect ...................................................................................... 447
Table 136 Priority and Over Allotment of Bandwidth Effect ................................................................. 448
Table 137 AppPatrol > General ...........................................................................................................452
Table 138 AppPatrol > Common .......................................................................................................... 453
Table 139 Application Edit ................................................................................................................... 454
Table 140 Application Policy Edit ......................................................................................................... 456
Table 141 AppPatrol > Other ...............................................................................................................459
Table 142 AppPatrol > Other > Edit .....................................................................................................461
Table 143 AppPatrol > Statistics: General Setup .................................................................................463
Table 144 AppPatrol > Statistics: Protocol Statistics ............................................................................464
Table 145 Anti-X > Anti-Virus > General .............................................................................................. 472
Table 146 Anti-X > Anti-Virus > General > Add ................................................................................... 474
Table 147 Anti-X > Anti-Virus > Black/White List > Black List ............................................................. 476
Table 148 Anti-X > Anti-Virus > Black/White List > Black List (or White List) > Add ............................ 477
Table 149 Anti-X > Anti-Virus > Black/White List > White List ............................................................. 478
Table 150 Anti-X > Anti-Virus > Signature ........................................................................................... 479
Table 151 Common Computer Virus Types .........................................................................................480
Table 152 Anti-X > IDP > General ....................................................................................................... 485
Table 153 Anti-X > IDP > General > Add ............................................................................................. 487
Table 154 Base Profiles ....................................................................................................................... 488
Table 155 Anti-X > IDP > Profile .......................................................................................................... 489
Table 156 Anti-X > IDP > Profile > Group View ................................................................................... 492
Table 157 Policy Types ........................................................................................................................ 493
Table 158 IDP Service Groups ............................................................................................................ 494
Table 159 Anti-X > IDP > Profile: Query View .....................................................................................496
Table 160 IP v4 Packet Headers ......................................................................................................... 499
Table 161 Anti-X > IDP > Custom Signatures .....................................................................................501
Table 162 Anti-X > IDP > Custom Signatures > Add/Edit .................................................................... 503
Table 163 ZyWALL - Snort Equivalent Terms ......................................................................................510
Table 164 Anti-X > ADP > General ......................................................................................................515
Table 165 Anti-X > ADP > General > Add ........................................................................................... 516
Table 166 Base Profiles ....................................................................................................................... 517
Table 167 Anti-X > ADP > Profile ........................................................................................................517
Page 47
Table 168 ADP > Profile > Traffic Anomaly .........................................................................................520
Table 169 ADP > Profile > Protocol Anomaly ...................................................................................... 523
Table 170 HTTP Inspection and TCP/UDP/ICMP Decoders ...............................................................527
Table 171 Anti-X > Content Filter > General ........................................................................................ 533
Table 172 Anti-X > Content Filter > General > Add .............................................................................535
Table 173 Anti-X > Content Filter > Filter Profile ................................................................................. 536
Table 174 Anti-X > Content Filter > Filter Profile > Add ....................................................................... 537
Table 175 Anti-X > Content Filter > Filter Profile > Customization ...................................................... 544
Table 176 Anti-X > Content Filter > Cache .......................................................................................... 547
Table 177 Anti-X > Anti-Spam > General .............................................................................................562
Table 178 Anti-X > Anti-Virus > General > Add ................................................................................... 564
Table 179 Anti-X > Anti-Spam > Black/White List > Black List ............................................................ 565
Table 180 Anti-X > Anti-Spam > Black/White List > Black List (or White List) > Add ......................... 566
Table 181 Anti-X > Anti-Spam > Black/White List > White List ............................................................ 567
Table 182 Anti-X > Anti-Spam > DNSBL .............................................................................................569
Table 183 Anti-X > Anti-Spam > DNSBL > Add ................................................................................... 571
Table 184 Anti-X > Anti-Spam > Status ...............................................................................................571
Table 185 Device HA > General ..........................................................................................................577
Table 186 Device HA > Active-Passive Mode .....................................................................................580
Table 187 Device HA > Active-Passive Mode > Edit ........................................................................... 582
Table 188 Device HA > Legacy Mode ................................................................................................. 584
Table 189 Device HA > Legacy Mode > Add .......................................................................................586
Table 190 Types of User Accounts ......................................................................................................593
Table 191 Object > User/Group ........................................................................................................... 596
Table 192 Reserved User Names ........................................................................................................ 596
Table 193 User/Group > User > Edit ...................................................................................................597
Table 194 Object > User/Group > Group .............................................................................................598
Table 195 User/Group > Group > Add .................................................................................................599
Table 196 Object > User/Group > Setting ............................................................................................ 600
Table 197 Object > User/Group > Setting > Add/Edit .......................................................................... 603
Table 198 Web Configurator for Non-Admin Users .............................................................................604
Table 199 LDAP/RADIUS: Keywords for User Attributes ....................................................................604
Table 200 Object > Address > Address ............................................................................................... 608
Table 201 Object > Address > Address > Edit .....................................................................................609
Table 202 Object > Address > Address Group ....................................................................................610
Table 203 Object > Address > Address Group > Add ..........................................................................610
Table 204 Object > Service > Service .................................................................................................615
Table 205 Object > Service > Service > Edit .......................................................................................615
Table 206 Object > Service > Service Group ...................................................................................... 616
Table 207 Object > Service > Service Group > Edit ............................................................................617
Table 208 Object > Schedule .............................................................................................................. 620
Table 209 Object > Schedule > Edit (One Time) .................................................................................621
Table 210 Object > Schedule > Edit (Recurring) .................................................................................622
Page 48
Table 211 Object > AAA Server > Active Directory (or LDAP) > Default ............................................. 628
Table 212 Object > AAA Server > Active Directory (or LDAP) > Group .............................................. 629
Table 213 Object > AAA Server > Active Directory (or LDAP) > Group > Add .................................... 630
Table 214 Object > AAA Server > RADIUS > Default .......................................................................... 631
Table 215 Object > AAA Server > RADIUS > Group ...........................................................................632
Table 216 Object > AAA Server > RADIUS > Group > Add ................................................................ 633
Table 217 Object > Auth. Method ........................................................................................................636
Table 218 Object > Auth. Method > Add .............................................................................................. 638
Table 219 Object > Certificate > My Certificates .................................................................................642
Table 220 Object > Certificate > My Certificates > Add .......................................................................644
Table 221 Object > Certificate > My Certificates > Edit .......................................................................647
Table 222 Object > Certificate > My Certificates > Import ................................................................... 650
Table 223 Object > Certificate > Trusted Certificates .......................................................................... 650
Table 224 Object > Certificate > Trusted Certificates > Edit ................................................................ 652
Table 225 Object > Certificate > Trusted Certificates > Import ............................................................ 655
Table 226 Object > SSL Application ....................................................................................................658
Table 227 Object > SSL Application > Add/Edit: Web Application ......................................................... 659
Table 228 Object > SSL Application > Add/Edit: Web Application ......................................................... 660
Table 229 System > Host Name .......................................................................................................... 666
Table 230 System > Date and Time .................................................................................................... 667
Table 231 Default Time Servers .......................................................................................................... 669
Table 232 System > Console Speed ................................................................................................... 670
Table 233 System > DNS ....................................................................................................................671
Table 234 System > DNS > Address/PTR Record Edit ....................................................................... 674
Table 235 System > DNS > Domain Zone Forwarder Add .................................................................. 675
Table 236 System > DNS > MX Record Add .......................................................................................675
Table 237 System > DNS > Service Control Rule Add ........................................................................676
Table 238 System > WWW .................................................................................................................. 679
Table 239 Edit Service Control Rule .................................................................................................... 682
Table 240 System > SSH ..................................................................................................................... 691
Table 241 System > Telnet ..................................................................................................................694
Table 242 System > FTP .....................................................................................................................695
Table 243 SNMP Traps ........................................................................................................................ 697
Table 244 System > SNMP .................................................................................................................. 698
Table 245 System > Dial-in Mgmt ........................................................................................................ 700
Table 246 System > Vantage CNM ...................................................................................................... 701
Table 247 System > Language ............................................................................................................ 702
Table 248 Configuration Files and Shell Scripts in the ZyWALL .......................................................... 706
Table 249 Maintenance > File Manager > Configuration File ..............................................................709
Table 250 Maintenance > File Manager > Firmware Package .............................................................711
Table 251 Maintenance > File Manager > Shell Script ........................................................................ 713
Table 252 Specifications: Logs ............................................................................................................ 715
Table 253 Maintenance > Log > View Log ..........................................................................................716
Page 49
Table 254 Maintenance > Log > Log Setting ....................................................................................... 718
Table 255 Maintenance > Log > Log Setting > Edit (System Log) ......................................................721
Table 256 Maintenance > Log > Log Setting > Edit (Remote Server) ................................................. 724
Table 257 Maintenance > Log > Log Setting > Active Log Summary ..................................................725
Table 258 Maintenance > Report > Traffic Statistics ...........................................................................728
Table 259 Maximum Values for Reports .............................................................................................. 730
Table 260 Maintenance > Report > Session ........................................................................................ 731
Table 261 Maintenance > Report > Anti-Virus .....................................................................................732
Table 262 Maintenance > Report > IDP ..............................................................................................734
Table 263 Maintenance > Report > Anti-Spam ....................................................................................736
Table 264 Maintenance > Report > Email Daily Report .......................................................................738
Table 265 Maintenance > Diagnostics ................................................................................................. 741
Table 266 Default Login Information ....................................................................................................749
Table 267 Hardware Specifications ..................................................................................................... 749
Table 268 Feature Specifications .........................................................................................................750
Table 269 Standards Referenced by Features ....................................................................................753
Table 270 North American Plug Standards ..........................................................................................754
Table 271 European Plug Standards ...................................................................................................755
Table 272 United Kingdom Plug Standards .........................................................................................755
Table 273 Australia And New Zealand Plug Standards .......................................................................755
Table 274 Japan Plug Standards ......................................................................................................... 755
Table 275 China Plug Standards ......................................................................................................... 755
Table 276 Content Filter Logs .............................................................................................................. 759
Table 277 Forward Web Site Logs ......................................................................................................759
Table 278 Blocked Web Site Logs .......................................................................................................759
Table 279 Anti-Spam Logs ...................................................................................................................760
Table 280 SSL VPN Logs ....................................................................................................................762
Table 281 L2TP Over IPSec Logs ....................................................................................................... 765
Table 282 ZySH Logs .......................................................................................................................... 766
Table 283 ADP Logs ............................................................................................................................ 768
Table 284 Anti-Virus Logs .................................................................................................................... 768
Table 285 User Logs ............................................................................................................................ 771
Table 286 myZyXEL.com Logs ............................................................................................................772
Table 287 IDP Logs ............................................................................................................................. 777
Table 288 Application Patrol ................................................................................................................ 781
Table 289 IKE Logs ............................................................................................................................. 782
Table 290 IPSec Logs .......................................................................................................................... 786
Table 291 Firewall Logs ....................................................................................................................... 786
Table 292 Sessions Limit Logs ............................................................................................................787
Table 293 Policy Route Logs ............................................................................................................... 787
Table 294 Built-in Services Logs .........................................................................................................788
Table 295 System Logs ....................................................................................................................... 791
Table 296 Connectivity Check Logs ....................................................................................................796
Page 50
Table 297 Device HA Logs .................................................................................................................. 797
Table 298 Routing Protocol Logs ......................................................................................................... 799
Table 299 NAT Logs ............................................................................................................................802
Table 300 PKI Logs ............................................................................................................................. 803
Table 301 Interface Logs ..................................................................................................................... 805
Table 302 WLAN Logs ......................................................................................................................... 809
Table 303 Account Logs .......................................................................................................................811
Table 304 Port Grouping Logs ..............................................................................................................811
Table 305 Force Authentication Logs ...................................................................................................811
Table 306 File Manager Logs .............................................................................................................. 812
Table 307 E-mail Daily Report Logs .................................................................................................... 812
Table 308 Commonly Used Services ...................................................................................................... 815
Table 309 IEEE 802.11g ...................................................................................................................... 835
Table 310 Wireless Security Levels ..................................................................................................... 836
Table 311 Comparison of EAP Authentication Types .......................................................................... 839
Table 312 Wireless Security Relational Matrix ....................................................................................842
Page 51
PART I

Getting Started

• Introducing the ZyWALL (53)
• Features and Applications (57)
• Web Configurator (65)
• Configuration Basics (109)
• Tutorials (125)
• Status (171)
• Registration (185)
• Signature Update (191)
Page 53
CHAPTER 1

Introducing the ZyWALL

This chapter gives an overview of the ZyWALL. It explains the front panel ports and LEDs, introduces the management methods, and lists different ways to start or stop the ZyWALL.

1.1 Overview and Key Default Settings

The ZyWALL is a comprehensive security device designed for Small and Medium Businesses (SMB) and branch offices. The ZyWALL’s security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. It also provides bandwidth management, Instant Messaging (IM) and Peer to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. Flexible configuration helps you set up the network and enforce security policies efficiently. See Chapter 2 on page 57 for a more detailed overview of the ZyWALL’s features.
The ZyWALL provides excellent throughput with the reliability of dual WAN Gigabit Ethernet ports and load balancing. You can also use a 3G cellular card (not included) for a third WAN connection.
The ZyWALL lets you set up multiple networks for your company. The De-Militarized Zone (DMZ) increases LAN security by providing separate ports for connecting publicly accessible servers. The ZyWALL also provides two separate LAN networks. You can set ports to be part of the LAN1, WLAN, or DMZ. Alternatively, you can deploy the ZyWALL as a transparent firewall in an existing network with minimal configuration.
You can insert a wireless LAN card into the PCMCIA/CardBus slot to add an IEEE 802.11b/g-compliant wireless LAN.
Configure the ZyWALL USG 200’s OPT Gigabit Ethernet port as a third WAN port, an additional LAN1, WLAN, or DMZ port or a separate network.

1.2 Front Panel LEDs

Figure 1 ZyWALL USG 200 Front Panel
Page 54
Figure 2 ZyWALL USG 100 Front Panel
The following table describes the LEDs.
Table 1 Front Panel LEDs
LED | COLOR | STATUS | DESCRIPTION
PWR | | Off | The ZyWALL is turned off.
PWR | Green | On | The ZyWALL is turned on.
PWR | Red | On | There is a hardware component failure. Shut down the device, wait for a few minutes and then restart the device (see Section 1.4 on page 55). If the LED turns red again, then please contact your vendor.
SYS | Green | Off | The ZyWALL is not ready or has failed.
SYS | Green | On | The ZyWALL is ready and running.
SYS | Green | Flashing | The ZyWALL is restarting.
AUX | Green | Off | The AUX port is not connected.
AUX | Green | Flashing | The AUX port is sending or receiving packets.
AUX | Green | On | The AUX port is connected.
P1~P7 | Green | Off | There is no traffic on this port.
P1~P7 | Green | Flashing | The ZyWALL is sending or receiving packets on this port.
P1~P7 | Orange | Off | There is no connection on this port.
P1~P7 | Orange | On | This port has a successful link.
Card | Green | Off | There is no card in the slot.
Card | Green | On | There is a card in the slot.
Card | Green | Flashing | The card in the slot is sending or receiving traffic.

1.3 Management Overview

You can use the following ways to manage the ZyWALL.
Web Configurator
The web configurator allows easy ZyWALL setup and management using an Internet browser. This User’s Guide provides information about the web configurator.
Page 55
Figure 3 Managing the ZyWALL: Web Configurator
Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the ZyWALL. You can access it using remote management (for example, SSH or Telnet) or via the console port. See the Command Reference Guide for more information about the CLI.
Console Port
You can use the console port to manage the ZyWALL. You have to use CLI commands, which are explained in the Command Reference Guide.
The default settings for the console port are as follows.
Table 2 Managing the ZyWALL: Console Port
SETTING | VALUE
Speed | 115200 bps
Data Bits | 8
Parity | None
Stop Bit | 1
Flow Control | Off

1.4 Starting and Stopping the ZyWALL

Here are some of the ways to start and stop the ZyWALL.
Table 3 Starting and Stopping the ZyWALL
METHOD | DESCRIPTION
Connecting the power | A cold start occurs when you turn on the power to the ZyWALL. The ZyWALL powers up, checks the hardware, and starts the system processes.
Rebooting the ZyWALL | A warm start (without powering down and powering up again) occurs when you use the Reboot button in the Reboot screen or when you use the reboot command. The ZyWALL writes all cached data to the local storage, stops the system processes, and then does a warm start.
Using the RESET button | If you press the RESET button, the ZyWALL sets the configuration to its default values and then reboots.
Using the shutdown command | The shutdown command writes all cached data to the local storage and stops the system processes. It does not turn off the power. You have to turn the power off and on manually to start the ZyWALL again. You should use this command before you turn off the ZyWALL.
Disconnecting the power | Power off occurs when you turn off the power to the ZyWALL. The ZyWALL simply turns off. It does not stop the system processes or write cached data to local storage.
Note: It is recommended you use the shutdown command before turning off the ZyWALL.
When you apply configuration files or run shell scripts, the ZyWALL does not stop or start the system processes. However, you might lose access to network resources temporarily while the ZyWALL is applying configuration files or running shell scripts.
Page 57
CHAPTER 2

Features and Applications

This chapter introduces the main features and applications of the ZyWALL.

2.1 Features

The ZyWALL’s security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features.
The rest of this section provides more information about the features of the ZyWALL.
High Availability
To ensure the ZyWALL provides reliable, secure Internet access, set up one or more of the following:
• Multiple WAN ports and configure load balancing between these ports.
• One or more 3G (cellular) connections.
• An auxiliary Internet connection.
• A backup ZyWALL in the event the master ZyWALL fails (device HA).
Virtual Private Networks (VPN)
Use IPSec, SSL, or L2TP VPN to provide secure communication between two sites over the Internet or any insecure network that uses TCP/IP for communication. The ZyWALL also offers hub-and-spoke IPSec VPN.
Security Zones
Many security settings are made by zone, instead of by interface or port. This makes it simpler to set up and to change security settings in the ZyWALL. You can add interfaces and VPN tunnels to zones.
Firewall
The ZyWALL’s firewall is a stateful inspection firewall. The ZyWALL restricts access by screening data packets against defined access rules. It can also inspect sessions. For example, traffic from one zone is not allowed unless it is initiated by a computer in another zone first.
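The session-aware behaviour described above, sketched as a small Python model. This is an added example, not ZyWALL firmware or ZyXEL code; the rule format, class names and sample addresses are constructed for illustration, with LAN1, WAN and DMZ used as zone names.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src: tuple          # (ip, port)
    dst: tuple          # (ip, port)
    proto: str = "tcp"

    def key(self):
        # Identifies the flow in the direction this packet travels.
        return (self.src_zone, self.dst_zone, self.proto, self.src, self.dst)

    def reply_key(self):
        # Identifies the session this packet would be a reply to.
        # Zones are part of the key, so a reply must arrive from the zone
        # the original packet was sent to.
        return (self.dst_zone, self.src_zone, self.proto, self.dst, self.src)


class ZoneFirewall:
    """Toy stateful firewall: ordered access rules plus a session table."""

    def __init__(self, rules):
        # Each rule: (from_zone, to_zone, proto, dst_port or None, action)
        self.rules = rules
        self.sessions = set()

    def _rule_action(self, pkt):
        for from_zone, to_zone, proto, port, action in self.rules:
            same_path = (from_zone, to_zone, proto) == (
                pkt.src_zone, pkt.dst_zone, pkt.proto)
            if same_path and port in (None, pkt.dst[1]):
                return action
        return "deny"  # assumption: anything not matched is dropped

    def handle(self, pkt):
        # 1. Session inspection: traffic belonging to a permitted session.
        if pkt.key() in self.sessions or pkt.reply_key() in self.sessions:
            return "allow-established"
        # 2. New flow: screen it against the access rules.
        if self._rule_action(pkt) == "allow":
            self.sessions.add(pkt.key())
            return "allow-new"
        return "deny"

    def close(self, pkt):
        # Session teardown: later "replies" no longer match anything.
        self.sessions.discard(pkt.key())
        self.sessions.discard(pkt.reply_key())


def demo():
    # Constructed rule set and addresses (documentation/private ranges).
    fw = ZoneFirewall([
        ("LAN1", "WAN", "tcp", None, "allow"),   # LAN1 may initiate to WAN
        ("WAN", "DMZ", "tcp", 80, "allow"),      # WAN may reach DMZ web server
    ])
    client = ("192.168.1.33", 50000)
    server = ("203.0.113.10", 443)
    outsider = ("198.51.100.7", 40000)
    out = Packet("LAN1", "WAN", client, server)
    results = {
        "outbound": fw.handle(out),
        "reply": fw.handle(Packet("WAN", "LAN1", server, client)),
        "unsolicited": fw.handle(
            Packet("WAN", "LAN1", server, ("192.168.1.33", 50001))),
        "spoofed_zone": fw.handle(Packet("DMZ", "LAN1", server, client)),
        "dmz_http": fw.handle(
            Packet("WAN", "DMZ", outsider, ("192.168.3.10", 80))),
        "dmz_ssh": fw.handle(
            Packet("WAN", "DMZ", outsider, ("192.168.3.10", 22))),
    }
    fw.close(out)
    results["reply_after_close"] = fw.handle(
        Packet("WAN", "LAN1", server, client))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {verdict}")
```

The `spoofed_zone` case shows why the session key includes the zones: a packet carrying the server's address but arriving from a different zone does not match the session.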
Page 58
Intrusion Detection and Prevention (IDP)
IDP (Intrusion Detection and Protection) can detect malicious or suspicious packets and respond instantaneously. It detects pattern-based attacks in order to protect against network-based intrusions. See Section 29.6.2 on page 493 for a list of attacks that the ZyWALL can protect against. You can also create your own custom IDP rules.
Anomaly Detection and Prevention (ADP)
ADP (Anomaly Detection and Prevention) can detect malicious or suspicious packets and respond instantaneously. It can detect:
• Anomalies based on violations of protocol standards (RFCs – Requests for Comments)
• Abnormal flows such as port scans.
The ZyWALL’s ADP protects against network-based intrusions. See Section 30.3.4 on page 518 and Section 30.3.5 on page 520 for more on the kinds of attacks that the ZyWALL can protect against. You can also create your own custom ADP rules.
Bandwidth Management
Bandwidth management allows you to allocate network resources according to defined policies. This policy-based bandwidth allocation helps your network to better handle applications such as Internet access, e-mail, Voice-over-IP (VoIP), video conferencing and other business-critical applications.
Content Filter
Content filtering allows schools and businesses to create and enforce Internet access policies tailored to the needs of the organization.
You can also subscribe to category-based content filtering that allows your ZyWALL to check web sites against an external database of dynamically-updated ratings of millions of web sites. You then simply select categories to block or monitor, such as pornography or racial intolerance, from a pre-defined list.
Anti-Virus Scanner
With the anti-virus packet scanner, your ZyWALL scans files transmitting through the enabled interfaces into the network. The ZyWALL helps stop threats at the network edge before they reach the local host computers.
Anti-Spam
The anti-spam feature can mark or discard spam. Use the white list to identify legitimate e-mail. Use the black list to identify spam e-mail. The ZyWALL can also check e-mail against a DNS black list (DNSBL) of IP addresses of servers that are suspected of being used by spammers.
Page 59
Application Patrol
Application patrol (App. Patrol) manages instant messenger (IM) and peer-to-peer (P2P) applications like MSN and BitTorrent. You can even control the use of a particular application’s individual features (like text messaging, voice, video conferencing, and file transfers). Application patrol has powerful bandwidth management including traffic prioritization to enhance the performance of delay-sensitive applications like voice and video. You can also use an option that gives SIP priority over all other traffic. This maximizes SIP traffic throughput for improved VoIP call sound quality.

2.2 Packet Flow

The following is the key used to describe the packet flow in the ZyWALL.
Table 4 Packet Flow Key
Ethernet | The interface on which the packet is received or sent
VLAN | Virtual LAN
Encap | The PPPoE or PPTP encapsulation used
ALG | Application Layer Gateway
DNAT | Destination NAT
Routing | Routing includes policy routes, interface routing, static routes and load balancing for example.
FW | Firewall (Through ZyWALL)
zFW | Firewall (To ZyWALL)
IDP | Intrusion Detection & Protection
ADP | Anomaly Detection and Protection
AP | Application Patrol
AS | Anti-spam
CF | Content Filtering
SNAT | Source NAT
IPSec D/E | VPN Decryption/Encryption
BWM | Bandwidth Management
RM | Remote Management (System)
AV | Anti-Virus
2.2.1 Interface to Interface (Through ZyWALL)
Ethernet -> VLAN -> Encap -> ALG -> DNAT -> Routing -> FW -> IDP -> AP -> CF -> AV -> AS -> SNAT -> BWM -> Encap -> VLAN -> Ethernet
Page 60
2.2.2 Interface to Interface (To/From ZyWALL)
To: Ethernet -> VLAN -> Encap -> ALG -> DNAT -> Routing -> zFW -> ADP -> RM
From: RM -> Routing -> BWM -> Encap -> VLAN -> Ethernet
2.2.3 Interface to Interface (From VPN Tunnel)
This example shows the flow from a VPN tunnel through the ZyWALL, not to the ZyWALL or to another VPN tunnel (VPN concentrator).
Ethernet -> VLAN -> Encap -> ALG -> DNAT -> Routing -> zFW -> IPSec D -> ALG -> AC -> DNAT -> Routing -> FW -> IDP -> AP -> CF -> AV -> AS -> SNAT -> BWM -> Encap -> VLAN -> Ethernet
2.2.4 Interface to Interface (To VPN Tunnel)
This example shows the flow to a VPN tunnel from a source other than the ZyWALL or another VPN tunnel (VPN concentrator).
Ethernet -> VLAN -> Encap -> ALG -> DNAT -> Routing -> FW -> IDP -> AP -> CF -> AV -> AS -> SNAT -> IPSec E -> Routing -> BWM -> Encap -> VLAN -> Ethernet
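The stage orders in sections 2.2.1 to 2.2.4 decide which addresses each engine sees and which engines a given path passes through. The following Python sketch is an added example, not ZyXEL code: it parses the four flows as listed in this section, reports stages that are missing from the Table 4 key, lists the security engines on each path, and traces a packet to show that FW sees the post-DNAT destination and the pre-SNAT source. The IP addresses and NAT tables are constructed, and modelling NAT as a plain address lookup is an assumption.

```python
# Added example (not ZyXEL code): model the packet-flow orders of section 2.2.
# Stage orders are copied from sections 2.2.1-2.2.4. NAT is modelled as a
# plain address lookup, which is an assumption made for illustration.

_HEAD = "Ethernet -> VLAN -> Encap -> ALG -> DNAT -> Routing -> "
_SCAN = "FW -> IDP -> AP -> CF -> AV -> AS -> SNAT -> "
_TAIL = "BWM -> Encap -> VLAN -> Ethernet"

FLOWS = {
    "through": _HEAD + _SCAN + _TAIL,                        # 2.2.1
    "to_zywall": _HEAD + "zFW -> ADP -> RM",                 # 2.2.2 (To)
    "from_vpn": _HEAD + "zFW -> IPSec D -> ALG -> AC -> DNAT -> Routing -> "
                + _SCAN + _TAIL,                             # 2.2.3
    "to_vpn": _HEAD + _SCAN + "IPSec E -> Routing -> " + _TAIL,  # 2.2.4
}

# Abbreviations defined in Table 4 (Packet Flow Key).
KEY = {"Ethernet", "VLAN", "Encap", "ALG", "DNAT", "Routing", "FW", "zFW",
       "IDP", "ADP", "AP", "AS", "CF", "SNAT", "IPSec D/E", "BWM", "RM", "AV"}

# Stages that filter or inspect traffic, as opposed to forwarding it.
ENGINES = ("FW", "zFW", "IDP", "ADP", "AP", "CF", "AV", "AS")


def stages(flow):
    """Return the ordered list of stage names for one of the FLOWS."""
    return [s.strip() for s in FLOWS[flow].split("->")]


def undocumented(flow):
    """Stages used by a flow that Table 4 does not define."""
    missing = []
    for s in stages(flow):
        name = "IPSec D/E" if s in ("IPSec D", "IPSec E") else s
        if name not in KEY and s not in missing:
            missing.append(s)
    return missing


def inspected_by(flow):
    """Security engines on the path, in the order the packet meets them."""
    seen = []
    for s in stages(flow):
        if s in ENGINES and s not in seen:
            seen.append(s)
    return seen


def trace(flow, src, dst, dnat=None, snat=None):
    """Return [(stage, src, dst)] with the addresses on entry to each stage."""
    dnat, snat = dnat or {}, snat or {}
    views = []
    for s in stages(flow):
        views.append((s, src, dst))
        if s == "DNAT":
            dst = dnat.get(dst, dst)   # destination rewritten here
        elif s == "SNAT":
            src = snat.get(src, src)   # source rewritten here
    return views


def seen_by(flow, stage, src, dst, dnat=None, snat=None):
    """(src, dst) as the named stage sees them, or None if not on the path."""
    for s, a, b in trace(flow, src, dst, dnat, snat):
        if s == stage:
            return (a, b)
    return None


def fw_rule_matches(rule_dst, src, dst, dnat=None):
    """Would a through-ZyWALL firewall rule on rule_dst match this packet?"""
    view = seen_by("through", "FW", src, dst, dnat=dnat)
    return view is not None and view[1] == rule_dst


# Constructed sample addresses (documentation ranges plus the default LAN).
CLIENT, PUBLIC, SERVER = "198.51.100.7", "203.0.113.10", "192.168.1.50"
DNAT = {PUBLIC: SERVER}    # inbound port forward to an internal server
SNAT = {SERVER: PUBLIC}    # outbound source translation

if __name__ == "__main__":
    for name in FLOWS:
        print(name, "engines:", inspected_by(name),
              "not in key:", undocumented(name))
    print("FW sees inbound :", seen_by("through", "FW", CLIENT, PUBLIC, DNAT))
    print("FW sees outbound:", seen_by("through", "FW", SERVER, CLIENT,
                                       snat=SNAT))
    print("rule on public IP matches:",
          fw_rule_matches(PUBLIC, CLIENT, PUBLIC, DNAT))
    print("rule on server IP matches:",
          fw_rule_matches(SERVER, CLIENT, PUBLIC, DNAT))
```

Under this model, a through-ZyWALL firewall rule for a forwarded service has to name the internal server address, and traffic addressed to the ZyWALL itself passes zFW and ADP but none of the other engines.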

2.3 Applications

These are some example applications for your ZyWALL. See also Chapter 6 on page 125 for configuration tutorial examples.
2.3.1 VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. You can also set up additional connections to the Internet to provide better service.
Page 61
Figure 4 Applications: VPN Connectivity
2.3.2 SSL VPN Network Access
You can configure the ZyWALL to provide SSL VPN network access to remote users. There are two SSL VPN network access modes: reverse proxy and full tunnel.
2.3.2.1 Reverse Proxy Mode
In reverse proxy mode, the ZyWALL is a proxy that acts on behalf of the local network servers (such as your web and mail servers). As the final destination, the ZyWALL appears to be the server to remote users. This provides an added layer of protection for your internal servers.
With reverse proxy mode, remote users can easily access any web-based applications on the local network by clicking on links or entering the provided URL. You do not have to install additional client software on the remote user computers for access.
Figure 5 Network Access Mode: Reverse Proxy
2.3.2.2 Full Tunnel Mode
In full tunnel mode, a virtual connection is created for remote users with private IP addresses in the same subnet as the local network. This allows them to access network resources in the same way as if they were part of the internal network.
Page 62
Figure 6 Network Access Mode: Full Tunnel Mode
2.3.3 User-Aware Access Control
Set up security policies that restrict access to sensitive information and shared resources based on the user who is trying to access it.
Figure 7 Applications: User-Aware Access Control
2.3.4 Multiple WAN Interfaces
Set up multiple connections to the Internet on the same port, or set up multiple connections on different ports. In either case, you can balance the loads between them.
Page 63
Figure 8 Applications: Multiple WAN Interfaces
2.3.5 Device HA
Set up an additional ZyWALL as a backup gateway to ensure the default gateway is always available for the network.
Figure 9 Applications: Device HA
Page 64
Page 65
CHAPTER 3

Web Configurator

The ZyWALL web configurator allows easy ZyWALL setup and management using an Internet browser. Unless otherwise specified, the ZyWALL USG 200 screens are shown.

3.1 Web Configurator Requirements

In order to use the web configurator, you must
• Use Internet Explorer 6.0 or later, Netscape Navigator 7.2 or later, or Firefox 1.0.7 or later
• Allow pop-up windows (blocked by default in Windows XP Service Pack 2)
• Enable JavaScripts (enabled by default)
• Enable Java permissions (enabled by default)
• Enable cookies
The recommended screen resolution is 1024 x 768 pixels.

3.2 Web Configurator Access

1 Make sure your ZyWALL hardware is properly connected. See the Quick Start Guide.
2 Open your web browser, and go to http://192.168.1.1. By default, the ZyWALL automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
Page 66
Figure 10 Login Screen
3 Type the user name (default: “admin”) and password (default: “1234”).
If your account is configured to use an ASAS authentication server, use the OTP (One-Time Password) token to generate a number. Enter it in the One-Time Password field. The number is only good for one login. You must use the token to generate a new number the next time you log in.
4 Click Login. If you logged in using the default user name and password, the Update Admin Info screen (Figure 11 on page 66) appears. Otherwise, the main screen (Figure 12 on page 67) appears.
Figure 11 Update Admin Info Screen
5 The screen above appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore.
Page 67
Follow the directions in this screen. If you change the default password, the Login screen (Figure 10 on page 66) appears after you click Apply. If you click Ignore, the main screen appears.
Figure 12 Main Screen

3.3 Web Configurator Main Screen

As illustrated in Figure 12 on page 67, the main screen is divided into these parts:
A - title bar
B - navigation panel
C - main window
D - status bar
3.3.1 Title Bar
The title bar provides some icons in the upper right corner.
Page 68
The icons provide the following functions.
Table 5 Title Bar: Web Configurator Icons
ICON DESCRIPTION
Help: Click this icon to open the help page for the current screen.
Wizards: Click this icon to open one of the web configurator wizards. See Chapter 4 on page 75 for more information.
Console: Click this icon to open the console in which you can use the command line interface (CLI).
Site Map: Click this icon to display the site map for the web configurator. You can use the site map to go directly to any menu item or any tab in the web configurator.
About: Click this icon to display basic information about the ZyWALL.
Logout: Click this icon to log out of the web configurator.
3.3.2 Navigation Panel
Use the menu items on the navigation panel to open screens to configure ZyWALL features. The following tables describe each menu item.
Table 6 Navigation Panel Summary
LINK | TAB | FUNCTION
Status | | Use this screen to look at the ZyWALL’s general device information, system status, system resource usage, licensed service status, and interface status.
Licensing
Registration | Registration | Use this screen to register the device and activate trial services.
Registration | Service | Use this screen to look at the licensed service status and to upgrade licensed services.
Update | Anti-Virus | Use this screen to schedule anti-virus signature updates and to update signature information immediately.
Update | IDP/AppPatrol | Use this screen to schedule IDP signature updates and to update signature information immediately.
Update | System Protect | Use this screen to schedule system-protect signature updates and to update signature information immediately.
Network
Page 69
Table 6 Navigation Panel Summary (continued)
LINK | TAB | FUNCTION
Interface | Status | Use this screen to see information about all of the ZyWALL’s interfaces and their connection status.
Interface | Port Role | Use this screen to set the ZyWALL’s flexible ports as LAN1, WLAN, or DMZ.
Interface | Ethernet | Use this screen to manage Ethernet interfaces and virtual Ethernet interfaces.
Interface | PPP | Use this screen to create and manage PPPoE and PPTP interfaces.
Interface | Cellular | Use this screen to configure settings for a cellular Internet connection through an installed 3G card.
Interface | WLAN | Use this screen to configure settings for an installed wireless LAN card.
Interface | VLAN | Use this screen to create and manage VLAN interfaces and virtual VLAN interfaces.
Interface | Bridge | Use this screen to create and manage bridges and virtual bridge interfaces.
Interface | Auxiliary | Use this screen to manage the AUX port.
Interface | Trunk | Use this screen to create and manage trunks for load balancing and link HA.
Routing | Policy Route | Use this screen to create and manage routing policies.
Routing | Static Route | Use this screen to create and manage IP static routing information.
Routing | RIP | Use this screen to configure device-level RIP settings.
Routing | OSPF | Use this screen to configure device-level OSPF settings, including areas and virtual links.
Zone | | Use this screen to configure zones used to define various policies.
DDNS | Profile | Use this screen to define and manage the ZyWALL’s DDNS domain names.
DDNS | Status | Use this screen to view the status of the ZyWALL’s DDNS domain names.
Virtual Server | | Use this screen to set up and manage port forwarding rules.
HTTP Redirect | | Use this screen to set up and manage HTTP redirection rules.
ALG | | Use this screen to configure SIP, H.323, and FTP pass-through settings.
Firewall | | Use this screen to create and manage level-3 traffic rules.
VPN
IPSec VPN | VPN Connection | Use this screen to configure IPSec tunnels.
IPSec VPN | VPN Gateway | Use this screen to configure IKE tunnels.
IPSec VPN | Concentrator | Use this screen to configure VPN concentrators (hub-and-spoke VPN).
IPSec VPN | SA Monitor | Use this screen to monitor current IPSec VPN tunnels.
SSL VPN | Access Privilege | Use this screen to configure SSL VPN access rights for users and groups.
SSL VPN | Connection Monitor | Use this screen to monitor current SSL VPN connection.
SSL VPN | Global Setting | Use this screen to configure the ZyWALL’s SSL VPN settings that apply to all connections.
L2TP VPN | L2TP Over IPSec | Use this screen to configure L2TP Over IPSec VPN settings.
L2TP VPN | Session Monitor | Use this screen to monitor current L2TP Over IPSec VPN sessions.
Page 70
Table 6 Navigation Panel Summary (continued)
LINK | TAB | FUNCTION
AppPatrol | General | Use this screen to enable or disable traffic management by application and see registration and signature information.
AppPatrol | Common | Use this screen to manage traffic of the most commonly used web, file transfer and e-mail protocols.
AppPatrol | Instant Messenger | Use this screen to manage instant messenger traffic.
AppPatrol | Peer to Peer | Use this screen to manage peer-to-peer traffic.
AppPatrol | VoIP | Use this screen to manage VoIP traffic.
AppPatrol | Streaming | Use this screen to manage streaming traffic.
AppPatrol | Other | Use this screen to manage other kinds of traffic.
AppPatrol | Statistics | Use this screen to view bandwidth usage and traffic statistics for the protocols that the ZyWALL is managing.
Anti-X
Anti-Virus | General | Use this screen to turn anti-virus on or off, set up anti-virus policies and check the anti-virus engine type and the anti-virus license and signature status.
Anti-Virus | Black/White List | Use this screen to set up anti-virus black (blocked) and white (allowed) lists of virus file patterns.
Anti-Virus | Signature | Use these screens to search for signatures by signature name or attributes and configure how the ZyWALL uses them.
IDP | General | Use this screen to look at and manage IDP bindings.
IDP | Profile | Use this screen to create and manage IDP profiles.
IDP | Custom Signatures | Use this screen to create, import, or export custom signatures.
ADP | General | Use this screen to look at and manage ADP bindings.
ADP | Profile | Use this screen to create and manage ADP profiles.
Content Filter | General | Use this screen to create and manage content filter policies.
Content Filter | Filter Profile | Use this screen to create and manage the detailed filtering rules for content filtering policies.
Content Filter | Cache | Use this screen to manage the URL cache in the ZyWALL.
Anti-Spam | General | Use these screens to turn anti-spam on or off and manage anti-spam policies.
Anti-Spam | Black/White List | Use these screens to set up a black list to identify spam and a white list to identify legitimate e-mail.
Anti-Spam | DNSBL | Use these screens to have the ZyWALL check e-mail against DNS Black Lists.
Anti-Spam | Status | Use this screen to see how many mail sessions the ZyWALL is currently checking and DNSBL statistics.
Device HA | General | Use this to configure device HA global settings, and see the status of each interface monitored by device HA.
Device HA | Active-Passive Mode | Use these screens to configure (the new) active-passive mode device HA.
Device HA | Legacy Mode | Use these screens to use legacy mode device HA with other ZyWALLs that already have device HA setup using a firmware version earlier than 2.10.
Object
Page 71
Table 6 Navigation Panel Summary (continued)
LINK | TAB | FUNCTION
User/Group | User | Use this screen to create and manage users.
User/Group | Group | Use this screen to create and manage groups of users.
User/Group | Setting | Use this screen to manage default settings for all users, general settings for user sessions, and rules to force user authentication.
Address | Address | Use this screen to create and manage host, range, and network (subnet) addresses.
Address | Address Group | Use this screen to create and manage groups of addresses.
Service | Service | Use this screen to create and manage TCP and UDP services.
Service | Service Group | Use this screen to create and manage groups of services.
Schedule | | Use this screen to create one-time and recurring schedules.
AAA Server | Active Directory-Default | Use this screen to configure the default Active Directory settings.
AAA Server | Active Directory-Group | Use this screen to create and manage groups of Active Directory servers.
AAA Server | LDAP-Default | Use this screen to configure the default LDAP settings.
AAA Server | LDAP-Group | Use this screen to create and manage groups of LDAP servers.
AAA Server | RADIUS-Default | Use this screen to configure the default RADIUS settings.
AAA Server | RADIUS-Group | Use this screen to create and manage groups of RADIUS servers.
Auth. Method | | Use these screens to create and manage ways of authenticating users.
Certificate | My Certificates | Use this screen to create and manage the ZyWALL’s certificates.
Certificate | Trusted Certificates | Use this screen to import and manage certificates from trusted sources.
ISP Account | | Use this screen to create and manage ISP account information for PPPoE/PPTP interfaces.
SSL Application | | Use these screens to create SSL web application or file sharing objects.
System
Host Name | | Use this screen to configure the system and domain name for the ZyWALL.
Date/Time | | Use this screen to configure the current date, time, and time zone in the ZyWALL.
Console Speed | | Use this screen to set the console speed.
DNS | | Use this screen to configure the DNS server and address records for the ZyWALL.
WWW | | Use this screen to configure HTTP, HTTPS, and general authentication.
SSH | | Use this screen to configure the SSH server and SSH service settings for the ZyWALL.
TELNET | | Use this screen to configure the telnet server settings for the ZyWALL.
FTP | | Use this screen to configure the FTP server settings for the ZyWALL.
SNMP | | Use this screen to configure SNMP communities and services.
Dial-in Mgmt. | | Use this screen to configure settings for an out of band management connection through a modem connected to the DIAL BACKUPAUX port.
Page 72
Table 6 Navigation Panel Summary (continued)
LINK | TAB | FUNCTION
Vantage CNM | | Use this screen to configure and allow your ZyWALL to be managed by the Vantage CNM server.
Language | | Use this screen to select the language of the ZyWALL’s web configurator screens.
Maintenance
File Manager | Configuration File | Use this screen to manage and upload configuration files for the ZyWALL.
File Manager | Firmware Package | Use this screen to look at the current firmware version and to upload firmware.
File Manager | Shell Script | Use this screen to manage and run shell script files for the ZyWALL.
Log | View Log | Use this screen to look at log entries.
Log | Log Setting | Use this screen to configure the system log, e-mail logs, and remote syslog servers.
Report | Traffic Statistics | Use this screen to collect traffic information and display basic reports about it.
Report | Session | Use this screen to display the status of all current sessions.
Report | Anti-Virus | Use this screen to collect and display statistics on the viruses that the ZyWALL has detected.
Report | IDP | Use this screen to collect and display statistics on the intrusions that the ZyWALL has detected.
Report | Anti-Spam | Use this screen to start or stop data collection and view spam statistics.
Report | Email Daily Report | Use this screen to configure where and how to send daily reports and what reports to send.
Diagnostics | | Use this screen to have the ZyWALL collect diagnostic information.
Reboot | | Use this screen to restart the ZyWALL.
3.3.3 Main Window
The main window shows the screen you select in the menu. It is discussed in the rest of this document.
Right after you log in, the Status screen is displayed. See Chapter 7 on page 171 for more information about the Status screen.
3.3.4 Message Bar
Check the message bar when you click Apply or OK to verify that the configuration has been updated.
Figure 13 Message Bar
3.3.4.1 Warning Messages
Click the up arrow to view the ZyWALL’s current warning messages. These warning messages display in a popup window, such as the following.
Page 73
Figure 14 Warning Messages
Click Refresh Now to update the screen. Close the popup window when you are done with it. Click Clear Warning Messages to remove the current warning messages from the window.
3.3.4.2 CLI Messages
Click CLI to look at the CLI commands sent by the web configurator. These commands appear in a popup window, such as the following.
Figure 15 CLI Messages
Click Change Display Style to show or hide the index numbers for the commands (the commands are more convenient to copy and paste without the index numbers).
Page 74
Click Refresh Now to update the screen. For example, if you just enabled a particular feature, you can look at the commands the web configurator generated to enable it. Close the popup window when you are done with it.
See the Command Reference Guide for information about the commands.
Page 75
CHAPTER 4

Wizard Setup

4.1 Wizard Setup Overview

The web configurator's setup wizards help you set up the initial (Internet) configuration and VPN connection settings. This chapter provides information on configuring the Wizard setup screens in the web configurator. See the feature-specific chapters in this User’s Guide for background information.
Note: Use the installation wizards only for initial configuration starting from the default configuration.
Changes you make in an installation wizard may not be applied if you have already changed the ZyWALL’s configuration. After your initial configuration, use the interface screens to configure interface settings.
In the ZyWALL web configurator, click the Wizard icon to open the Wizard Setup Welcome screen. The following summarizes the wizards you can select:
• INSTALLATION SETUP, ONE ISP
Click this link to open a wizard to set up a single Internet connection for Gigabit Ethernet interface wan1. This wizard creates matching ISP account settings in the ZyWALL if you use PPPoE or PPTP. See Section 4.2 on page 76.
• INSTALLATION SETUP, TWO ISP
Click this link to open a wizard to set up Internet connections for Gigabit Ethernet (ge) interfaces wan1 and wan2. See Section 4.5 on page 92. You can connect one interface to one ISP (or network) and connect the other to a second ISP (or network). You can use the second WAN connection for load balancing to increase overall network throughput or as a backup to enhance network reliability (see Section 11.1.2 on page 269 for more on load balancing).
This wizard creates matching ISP account settings in the ZyWALL if you use PPPoE or PPTP. This wizard also creates a WAN trunk.
• VPN SETUP
Use VPN SETUP to configure a VPN connection. See Section 4.6 on page 94.
Page 76
Figure 16 Wizard Setup Welcome

4.2 Installation Setup, One ISP

The wizard screens vary depending on what encapsulation type you use. Refer to information provided by your ISP to know what to enter in each field. Leave a field blank if you don’t have that information.
Note: Enter the Internet access information exactly as your ISP gave it to you.
Figure 17 Internet Access: Step 1
Page 77
The following table describes the labels in this screen.
Table 7 Internet Access: Step 1
LABEL | DESCRIPTION
ISP Parameters
Encapsulation | Choose the Ethernet option when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection according to the information from your ISP.
WAN IP Address Assignments
WAN Interface | This is the interface you are configuring for Internet access.
Zone | This is the security zone to which this interface and Internet connection belong.
IP Address Assignment | Select Auto if your ISP did not assign you a fixed IP address. Select Static if the ISP assigned a fixed IP address.
Next | Click Next to continue.

4.3 Step 1 Internet Access

Encapsulation: Choose the Ethernet option when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection according to the information from your ISP.
WAN Interface: This is the interface you are configuring for Internet access.
Zone: This is the security zone to which this interface and Internet connection belong.
IP Address Assignment: Select Auto if your ISP did not assign you a fixed IP address. Select Static if the ISP assigned a fixed IP address.
4.3.1 Ethernet: Auto IP Address Assignment
If you select Auto as the IP Address Assignment in the previous screen, the following screen displays. Click Next to apply the configuration settings.
Page 78
Figure 18 Ethernet Encapsulation: Auto: Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com. Alternatively, click Close to exit the wizard.
4.3.2 Ethernet: Static IP Address Assignment
If you select Static as the IP Address Assignment, the following screen displays.
Page 79
Figure 19 Ethernet Encapsulation: Static
The following table describes the labels in this screen.
Table 8 Ethernet Encapsulation: Static
LABEL | DESCRIPTION
ISP Parameters
Encapsulation | This displays the type of Internet connection you are configuring.
WAN IP Address Assignments
WAN Interface | This displays the identity of the interface you configure to connect with your ISP.
Zone | This field displays to which security zone this interface and Internet connection will belong.
IP Address | Enter the IP address that your ISP gave you. This should be a static, public IP address.
IP Subnet Mask | Enter the subnet mask for the IP address.
Gateway IP Address | Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
First DNS Server, Second DNS Server | DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The ZyWALL uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server. Enter the DNS server IP addresses.
Next | Click Next to continue.
The ZyWALL applies the configuration settings.
4.3.3 Step 2 Internet Access Ethernet
You do not configure this screen if you selected Auto as the IP Address Assignment in the previous screen.
Page 80
Note: Enter the Internet access information exactly as given to you by your ISP.
WAN Interface: This is the number of the interface that will connect with your ISP.
Zone: This is the security zone to which this interface and Internet connection will belong.
IP Address: Enter your (static) public IP address.
IP Subnet Mask: Enter the subnet mask for this WAN connection's IP address.
Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
DNS Server: The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The ZyWALL uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
Figure 20 Ethernet Encapsulation: Static: Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com. Alternatively, click Close to exit the wizard.
Page 81
4.3.4 PPPoE: Auto IP Address Assignment
If you select Auto as the IP Address Assignment in the previous screen, the following screen displays after you click Next.
Figure 21 PPPoE Encapsulation: Auto
The following table describes the labels in this screen.
Table 9 PPPoE Encapsulation: Auto
LABEL | DESCRIPTION
ISP Parameters
Encapsulation | This displays the type of Internet connection you are configuring.
Service Name | Type the PPPoE service name given to you by your ISP. PPPoE uses a service name to identify and reach the PPPoE server. You can use alphanumeric and -_@$./ characters, and it can be up to 64 characters long.
User Name | Type the user name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
Password | Type the password associated with the user name above. Use up to 64 ASCII characters except the [] and ?. This field can be blank.
Retype to Confirm | Type your password again for confirmation.
Nailed-Up | Select Nailed-Up if you do not want the connection to time out.
Idle Timeout | Type the time in seconds that elapses before the router automatically disconnects from the PPPoE server. The default time is 100 seconds.
WAN IP Address Assignments
WAN Interface | This displays the identity of the interface you configure to connect with your ISP.
Zone | This field displays to which security zone this interface and Internet connection will belong.
IP Address | The ISP will assign your WAN IP address automatically.
Next | Click Next to continue.
The ZyWALL applies the configuration settings.
Page 82
Figure 22 PPPoE Encapsulation: Auto: Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com. Alternatively, click Close to exit the wizard.
4.3.5 PPPoE: Static IP Address Assignment
If you select Static as the IP Address Assignment, the following screen displays.
Page 83
Figure 23 PPPoE Encapsulation: Static
The following table describes the labels in this screen.
Table 10 PPPoE Encapsulation: Static
LABEL | DESCRIPTION
ISP Parameters
Encapsulation | This displays the type of Internet connection you are configuring.
Service Name | Type the PPPoE service name given to you by your ISP. PPPoE uses a service name to identify and reach the PPPoE server. You can use alphanumeric and -_@$./ characters, and it can be up to 64 characters long.
User Name | Type the user name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
Password | Type the password associated with the user name above. Use up to 64 ASCII characters except the [] and ?. This field can be blank.
Retype to Confirm | Type your password again for confirmation.
Nailed-Up | Select Nailed-Up if you do not want the connection to time out.
Idle Timeout | Type the time in seconds that elapses before the router automatically disconnects from the PPPoE server. The default time is 100 seconds.
WAN IP Address Assignments
WAN Interface | This displays the identity of the interface you configure to connect with your ISP.
Zone | This field displays to which security zone this interface and Internet connection will belong.
IP Address | Enter your WAN IP address in this field.
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The ZyWALL uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
First DNS Server, Second DNS Server: Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Next: Click Next to continue.
4.3.6 Step 2 Internet Access PPPoE
Note: Enter the Internet access information exactly as given to you by your ISP.
4.3.6.1 ISP Parameters
Type the PPPoE Service Name from your service provider.
Type the User Name given to you by your ISP.
Type the Password associated with the user name.
Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPPoE server.
4.3.6.2 WAN IP Address Assignments
You do not configure this section if you selected Auto as the IP Address Assignment in the previous screen.
WAN Interface: This is the number of the interface that will connect with your ISP.
Zone: This is the security zone to which this interface and Internet connection will belong.
IP Address: Enter your (static) public IP address.
DNS Server: The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The ZyWALL uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
Figure 24 PPPoE Encapsulation: Static: Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com. Alternatively, click Close to exit the wizard.
4.3.7 PPTP: Auto IP Address Assignment
If you select Auto as the IP Address Assignment in the previous screen, the following screen displays.
Figure 25 PPTP Encapsulation: Auto
The following table describes the labels in this screen.
Table 11 PPTP Encapsulation: Auto
LABEL DESCRIPTION
ISP Parameters
Encapsulation: This displays the type of Internet connection you are configuring.
User Name: Type the user name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
Password: Type the password associated with the user name above. Use up to 64 ASCII characters except the [] and ?. This field can be blank.
Retype to Confirm: Type your password again for confirmation.
Nailed-Up: Select Nailed-Up if you do not want the connection to time out.
Idle Timeout: Type the time in seconds that elapses before the router automatically disconnects from the PPTP server.
PPTP Configuration
Base Interface: This displays the identity of the Ethernet interface you configure to connect with a modem or router.
Base IP Address: Type the (static) IP address assigned to you by your ISP.
IP Subnet Mask: Type the subnet mask assigned to you by your ISP (if given).
Server IP: Type the IP address of the PPTP server.
Connection ID: Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your DSL modem. You can use alphanumeric and -_: characters, and it can be up to 31 characters long.
WAN IP Address Assignments
WAN Interface: This displays the identity of the interface you configure to connect with your ISP.
Zone: This field displays to which security zone this interface and Internet connection will belong.
IP Address: Enter your WAN IP address in this field.
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The ZyWALL uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
First DNS Server, Second DNS Server: Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Next: Click Next to continue.
The ZyWALL applies the configuration settings.
Figure 26 PPTP Encapsulation: Auto: Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com. Alternatively, click Close to exit the wizard.
4.3.8 PPTP: Static IP Address Assignment
If you select Static as the IP Address Assignment, the following screen displays.
Figure 27 PPTP Encapsulation: Static
The following table describes the labels in this screen.
Table 12 PPTP Encapsulation: Static
LABEL DESCRIPTION
ISP Parameters
Encapsulation: This displays the type of Internet connection you are configuring.
User Name: Type the user name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
Password: Type the password associated with the user name above. Use up to 64 ASCII characters except the [] and ?.
Retype to Confirm: Type your password again for confirmation.
Nailed-Up: Select Nailed-Up if you do not want the connection to time out.
Idle Timeout: Type the time in seconds that elapses before the router automatically disconnects from the PPTP server.
PPTP Configuration
Base Interface: This displays the identity of the Ethernet interface you configure to connect with a modem or router.
Base IP Address: Type the (static) IP address assigned to you by your ISP.
IP Subnet Mask: Type the subnet mask assigned to you by your ISP (if given).
Server IP: Type the IP address of the PPTP server.
Connection ID: Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your DSL modem. You can use alphanumeric and -_: characters, and it can be up to 31 characters long. This field can be blank.
WAN IP Address Assignments
WAN Interface: This displays the identity of the interface you configure to connect with your ISP.
Zone: This field displays to which security zone this interface and Internet connection will belong.
IP Address: Enter your WAN IP address in this field.
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The ZyWALL uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
First DNS Server, Second DNS Server: Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Next: Click Next to continue.
4.3.9 Step 2 Internet Access PPTP
Note: Enter the Internet access information exactly as given to you by your ISP.
4.3.9.1 ISP Parameters
Type the User Name given to you by your ISP.
Type the Password associated with the user name.
Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPTP server.
4.3.9.2 PPTP Configuration
Base Interface: This is the identity of the Ethernet interface you configure to connect with a modem or router.
Type a Base IP Address (static) assigned to you by your ISP.
Type the IP Subnet Mask assigned to you by your ISP (if given).
Server IP: Type the IP address of the PPTP server.
Type a Connection ID or connection name. It must follow the “c:id” and “n:name” format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your broadband modem or router.
4.3.9.3 WAN IP Address Assignments
You do not configure this section if you selected Auto as the IP Address Assignment in the previous screen.
WAN Interface: This is the connection type on the interface you are configuring to connect with your ISP.
Zone: This is the security zone to which this interface and Internet connection will belong.
IP Address: Enter your (static) public IP address.
DNS Server: The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The ZyWALL uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
The ZyWALL applies the configuration settings.
Figure 28 PPTP Encapsulation: Static: Finish
4.3.10 Step 4 Internet Access - Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com. Alternatively, click Close to exit the wizard.
4.4 Device Registration

Use this screen to register your ZyWALL with myZyXEL.com and activate trial periods of subscription security features if you have not already done so.
Note: You must be connected to the Internet to register.
This screen displays a read-only user name and password if the ZyWALL is already registered. It also shows which trial services are activated (if any). You can still select the unchecked trial service(s) to activate it after registration. Use the Registration > Service screen to update your service subscription status.
Figure 29 Registration
The following table describes the labels in this screen.
Table 13 Registration
LABEL DESCRIPTION
Device Registration: If you select existing myZyXEL.com account, only the User Name and Password fields are available.
new myZyXEL.com account: If you haven’t created an account at myZyXEL.com, select this option and configure the following fields to create an account and register your ZyWALL.
existing myZyXEL.com account: If you already have an account at myZyXEL.com, select this option and enter your user name and password in the fields below to register your ZyWALL.
UserName: Enter a user name for your myZyXEL.com account. The name should be from six to 20 alphanumeric characters (and the underscore). Spaces are not allowed.
Check: Click this button to check with the myZyXEL.com database to verify the user name you entered has not been used.
Password: Enter a password of between six and 20 alphanumeric characters (and the underscore). Spaces are not allowed.
Confirm Password: Enter the password again for confirmation.
E-Mail Address: Enter your e-mail address. You can use up to 80 alphanumeric characters (periods and the underscore are also allowed) without spaces.
Country Code: Select your country from the drop-down box list.
Trial Service Activation: You can try a trial service subscription. After the trial expires, you can buy an iCard and enter the license key in the Registration Service screen to extend the service.
Anti-Virus, IDP/AppPatrol, Content Filter: Select the check box to activate a trial. The ZyWALL provides both ZyXEL’s anti-virus engine and the Kaspersky anti-virus engine. Subscribe to signature files from either. The trial period starts the day you activate the trial.
Close: Click Close to exit the wizard.
Next: Click Next to save your changes back to the ZyWALL and activate the selected services.
Figure 30 Registration: Registered Device

4.5 Installation Setup, Two Internet Service Providers

This wizard allows you to configure two interfaces for Internet access through either two different Internet Service Providers (ISPs) or two different accounts with the same ISP.
The configuration of the following screens is explained in Section 4.2 on page 76. Configure the First WAN Interface and click Next.
Figure 31 Internet Access: Step 1: First WAN Interface
After you configure the First WAN Interface, you can configure the Second WAN Interface. Click Next to continue.
Figure 32 Internet Access: Step 3: Second WAN Interface
After you configure the Second WAN Interface, a summary of configuration settings displays for both WAN interfaces.
Figure 33 Internet Access: Finish
Note: You can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
Use the myZyXEL.com link if you do already have a myZyXEL.com account. If you already have a myZyXEL.com account, you can click Next and use the following screen to register your ZyWALL and activate service trials (see Section 4.4 on page 91).
Alternatively, click Close to exit the wizard.
4.5.1 Internet Access Wizard Setup Complete
Well done! You have successfully set up your ZyWALL to access the Internet.

4.6 VPN Setup

The VPN wizard creates corresponding VPN connection and VPN gateway settings, a policy route and address objects that you can use later in configuring more VPN connections or other features.
Click VPN SETUP in the Wizard Setup Welcome screen (Figure 16 on page 76) to open the following screen. Use it to select which type of VPN settings you want to configure.
Figure 34 VPN Wizard: Wizard Type
The following table describes the labels in this screen.
Table 14 VPN Wizard: Step 1: Wizard Type
LABEL DESCRIPTION
Express: Use this wizard to create a VPN connection with another ZLD-based ZyWALL using a pre-shared key and default security settings.
Advanced: Use this wizard to configure detailed VPN security settings such as using certificates. The VPN connection can be to another ZLD-based ZyWALL or other IPSec device.
Next: Click Next to continue.

4.7 VPN Wizards

A VPN (Virtual Private Network) tunnel is a secure connection to another computer or network.
Use the Express wizard to create a VPN connection with another ZLD-based ZyWALL using a pre-shared key and default security settings.
Use the Advanced wizard to configure detailed VPN security settings such as using certificates. The VPN connection can be to another ZLD-based ZyWALL or other IPSec devices.
4.7.1 VPN Express Wizard
Click the Express radio button as shown in Figure 34 on page 95 to display the following screen.
Figure 35 VPN Express Wizard: Step 2
The following table describes the labels in this screen.
Table 15 VPN Express Wizard: Step 2
LABEL DESCRIPTION
Name: Type the name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
Secure Gateway: Enter the WAN IP address or domain name of the remote IPSec router (secure gateway) to identify the remote IPSec router by its IP address or a domain name. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address.
Pre-Shared Key: Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. Precede hexadecimal characters with “0x”. Both ends of the VPN tunnel must use the same pre-shared key. You will receive a PYLD_MALFORMED (payload malformed) packet if the same pre-shared key is not used on both ends.
Next: Click Next to continue.

4.8 VPN Express Wizard - Remote Gateway

The Remote Gateway policy identifies the IPSec devices at either end of a VPN tunnel.
Name: Type the name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
Secure Gateway: Enter the WAN IP address or domain name of the remote IPSec router (secure gateway). Use 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address and no domain name.
Pre-Shared Key: Type the password. Both ends of the VPN tunnel must use the same password. Use 8 to 31 case-sensitive ASCII characters or 16 to 62 hexadecimal (“0-9”, “A-F”) characters. Precede hexadecimal characters with “0x”.
Figure 36 VPN Express Wizard: Step 3
The following table describes the labels in this screen.
Table 16 VPN Express Wizard: Step 3
LABEL DESCRIPTION
Local Policy (IP/Mask): Type a static local IP address that corresponds to the remote IPSec router's configured remote IP address (the remote IP address of the other ZyWALL). To specify IP addresses on a network by their subnet mask, type the subnet mask of the LAN behind your ZyWALL.
Remote Policy (IP/Mask): Type a static local IP address that corresponds to the remote IPSec router's configured local IP address (the local IP address of the other ZyWALL). To specify IP addresses on a network by their subnet mask, type the subnet mask of the LAN behind the remote gateway.
Next: Click Next to continue.
4.8.1 VPN Express Wizard - Policy Setting
The Policy Setting specifies which devices can use the VPN tunnel. Local and remote IP addresses must be static.
Local Policy (IP/Mask): Type the IP address of a computer on your network. You can also specify a subnet. This must match the remote IP address configured on the peer IPSec device.
Remote Policy (IP/Mask): Type the IP address of a computer behind the peer IPSec device. You can also specify a subnet. This must match the local IP address configured on the peer IPSec device.
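The rules above (name and pre-shared key format, identical keys on both ends, mirrored local and remote policies) can be checked before either wizard is run. The following is an added example, not part of this guide or of ZyXEL's software; the ExpressSettings container, the function names and the sample values are hypothetical and constructed for illustration.

```python
import hmac
import ipaddress
import re
from dataclasses import dataclass

# Name rule from the guide: 1-31 alphanumerics, underscores or dashes,
# and the first character cannot be a number.
NAME = re.compile(r"(?!\d)[A-Za-z0-9_-]{1,31}")
# Hex key form from the guide: "0x" followed by 16 to 62 of 0-9, A-F.
HEX_PSK = re.compile(r"0x[0-9A-F]{16,62}")
# ASCII key form from the guide: 8 to 31 characters. Limiting this to
# printable ASCII is an assumption of this example.
ASCII_PSK = re.compile(r"[\x20-\x7e]{8,31}")


@dataclass
class ExpressSettings:
    """One side's VPN Express Wizard inputs (hypothetical container)."""
    name: str
    secure_gateway: str   # peer WAN IP or domain name, 0.0.0.0 if dynamic
    pre_shared_key: str
    local_policy: str     # "IP/Mask"
    remote_policy: str    # "IP/Mask"


def psk_format_ok(psk):
    # Assumption: any key starting with "0x" is meant as a hexadecimal key.
    pattern = HEX_PSK if psk.startswith("0x") else ASCII_PSK
    return pattern.fullmatch(psk) is not None


def policy_network(policy):
    # Assumption: "IP/Mask" is normalised to its network, so a host
    # address written with a subnet mask stands for the whole subnet.
    return ipaddress.ip_network(policy, strict=False)


def preflight(a, b):
    """Return a list of mismatches between two peers; never echoes a key."""
    problems = []
    for side in (a, b):
        if NAME.fullmatch(side.name) is None:
            problems.append(f"{side.name!r}: invalid connection name")
        if not psk_format_ok(side.pre_shared_key):
            problems.append(f"{side.name!r}: pre-shared key length or characters")
    # Constant-time comparison; both ends must hold the same key.
    if not hmac.compare_digest(a.pre_shared_key.encode(),
                               b.pre_shared_key.encode()):
        problems.append("pre-shared keys differ between the two ends")
    # Each side's local policy must match the peer's remote policy.
    if policy_network(a.local_policy) != policy_network(b.remote_policy):
        problems.append(f"{a.name!r} local policy != {b.name!r} remote policy")
    if policy_network(a.remote_policy) != policy_network(b.local_policy):
        problems.append(f"{a.name!r} remote policy != {b.name!r} local policy")
    # The guide's Step 4 summary says that with 0.0.0.0 only the remote
    # router can initiate, so 0.0.0.0 on both ends leaves no initiator.
    if a.secure_gateway == "0.0.0.0" and b.secure_gateway == "0.0.0.0":
        problems.append("both ends use 0.0.0.0: neither can initiate")
    return problems


# Constructed sample settings, not taken from any real deployment.
LAN_A, LAN_B = "192.168.1.0/255.255.255.0", "192.168.2.0/255.255.255.0"
HQ = ExpressSettings("HQ-to-Branch", "0.0.0.0", "Example-PSK-0001",
                     LAN_A, LAN_B)
BRANCH_OK = ExpressSettings("Branch-to-HQ", "hq.example.com",
                            "Example-PSK-0001", LAN_B, LAN_A)
BRANCH_BAD = ExpressSettings("2HQ", "0.0.0.0", "0x12AB", LAN_B, LAN_B)

if __name__ == "__main__":
    for peer in (BRANCH_OK, BRANCH_BAD):
        print(peer.name, preflight(HQ, peer) or "settings are consistent")
```

The problem messages deliberately name the side and the rule but never include the key, so the output can be pasted into a change ticket.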
Figure 37 VPN Express Wizard: Step 4
The following table describes the labels in this screen.
Table 17 VPN Express Wizard: Step 4
LABEL DESCRIPTION
Summary
Name: This is the name of the VPN connection (and VPN gateway).
Secure Gateway: This is the WAN IP address or domain name of the remote IPSec router. If this field displays 0.0.0.0, only the remote IPSec router can initiate the VPN connection.
Pre-Shared Key: This is a pre-shared key identifying a communicating party during a phase 1 IKE negotiation.
Local Policy: This is a (static) IP address and Subnet Mask on the LAN behind your ZyWALL.
Remote Policy: This is a (static) IP address and Subnet Mask on the network behind the remote IPSec router.
Configuration for Remote Gateway: These commands set the matching VPN connection settings for the remote gateway. If the remote gateway is a ZLD-based ZyWALL, you can copy and paste this list into its command line interface in order to configure it for the VPN tunnel. You can also use a text editor to save these commands as a shell script file with a “.zysh” filename extension. Then you can use the file manager to run the script in order to configure the VPN connection. See the commands reference guide for details on the commands displayed in this list.
Save: Click Save to store the VPN settings on your ZyWALL.
4.8.2 VPN Express Wizard - Summary
This summary of VPN tunnel settings is read-only.
Name: Identifies the VPN gateway.
Secure Gateway: IP address or domain name of the peer IPSec device.
Pre-Shared Key: VPN tunnel password.
Local Policy: IP address and subnet mask of the computers on the network behind your ZyWALL that can use the tunnel.
Remote Policy: IP address and subnet mask of the computers on the network behind the peer IPSec device that can use the tunnel.
You can copy and paste the Configuration for Remote Gateway commands into another ZLD-based ZyWALL’s command line interface.
Figure 38 VPN Express Wizard: Step 6
Note: If you have not already done so, use the myZyXEL.com link and register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
Alternatively, click Close to exit the wizard.
4.8.3 VPN Express Wizard - Finish
Now you can use the VPN tunnel.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com. Alternatively, click Close to exit the wizard.
4.8.4 VPN Advanced Wizard
Click the Advanced radio button as shown in Figure 34 on page 95 to display the following screen.
Figure 39 VPN Advanced Wizard: Step 2
The following table describes the labels in this screen.
Table 18 VPN Advanced Wizard: Step 2
LABEL DESCRIPTION
Remote Gateway
Name: Type the name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
Secure Gateway: Enter the WAN IP address or domain name of the remote IPSec router (secure gateway) in the field below to identify the remote IPSec router by its IP address or a domain name. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address.
My Address (interface): Select an interface from the drop-down list box to use on your ZyWALL.
Authentication Method
Pre-Shared Key: Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. Precede hexadecimal characters with “0x”. Both ends of the VPN tunnel must use the same pre-shared key. You will receive a PYLD_MALFORMED (payload malformed) packet if the same pre-shared key is not used on both ends.