ZyXEL Communications VGN-FE800, VGN-C User Manual

ZyWALL USG 100/200 Series
Unified Security Gateway
User’s Guide
Version 2.10 5/2008 Edition 1
DEFAULT LOGIN
LAN1 Port P4 IP Address http://192.168.1.1 User Name admin Password 1234
www.zyxel.com

About This User's Guide

About This User's Guide
Intended Audience
This manual is intended for people who want to want to configure the ZyWALL using the web configurator.
How To Use This Guide
•Read Chapter 1 on page 53 chapter for an overview of features available on the ZyWALL.
•Read Chapter 3 on page 65 for web browser requirements and an introduction to the main components, icons and menus in the ZyWALL web configurator.
•Read Chapter 4 on page 75 if you’re using the wizards for first time setup and you want more detailed information than what the real time online help provides.
• It is highly recommended you read Chapter 5 on page 109 for detailed information on essential terms used in the ZyWALL, what prerequisites are needed to configure a feature and how to use that feature.
• It is highly recommended you read Chapter 6 on page 125 for ZyWALL application examples.
• Subsequent chapters are arranged by menu item as defined in the web configurator. Read each chapter carefully for detailed information on that menu item.
• To find specific information in this guide, use the Contents Overview, the Table of Contents, the Index, or search the PDF file. E-mail techwriters@zyxel.com.tw if you cannot find the information you require.
Related Documentation
• Quick Start Guide The Quick Start Guide is designed to show you how to make the ZyWALL hardware
connections, rack mounting and access the web configurator wizards. (See the wizard real time help for information on configuring each screen.) It contains a connection diagram, default settings, handy checklists and information on setting up your network and configuring for Internet access.
• Configuration Reference Card See this handy reference card to see what prerequisites are needed to configure a feature
and how to use this feature in the ZyWALL.
• CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to
configure the ZyWALL.
" It is recommended you use the web configurator to configure the ZyWALL.
• Web Configurator Online Help
ZyWALL USG 100/200 Series User’s Guide
3
About This User's Guide
Click the help icon in any screen for help in configuring that screen and supplementary information.
• Supporting Disk Refer to the included CD for support documents.
• ZyXEL Web Site Please refer to www.zyxel.com
certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
for additional support documentation and product
4
ZyWALL USG 100/200 Series User’s Guide

Document Conventions

Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
1 Warnings tell you about things that could harm you or your device.
" Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL USG 100 and ZyWALL USG 200 may be referred to as the “ZyWALL”, the “device”, the “system” or the “product” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
ZyWALL USG 100/200 Series User’s Guide
5
Document Conventions
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.
ZyWALL Computer Notebook computer
Server Firewall Telephone
Switch Router
6
ZyWALL USG 100/200 Series User’s Guide

Safety Warnings

Safety Warnings
1 For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet.
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city offi ce, your household waste disposal service or the store where you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
This product is recyclable. Dispose of it properly.
ZyWALL USG 100/200 Series User’s Guide
7
Safety Warnings
8
ZyWALL USG 100/200 Series User’s Guide

Contents Overview

Contents Overview
Getting Started .......................................................................................................................51
Introducing the ZyWALL ............................................................................................................ 53
Features and Applications ......................................................................................................... 57
Web Configurator ............................................. ... ... ... .... ............................................................. 65
Wizard Setup ............................................................................................................................. 75
Configuration Basics .............. ... ... .......................................................... .... ... ... ... .... ... ... ... ........109
Tutorials ...................................................................................................................................125
Status ...................................................................................................................................... 171
Registration ............................................................................................................................. 185
Signature Update ..................................................................................................................... 191
Network .................................................................................................................................197
Interface .................................... ....................... ...................... ....................... ........................... 199
Trunks .................................................... .......................................... ........................................ 269
Policy and Static Routes .......................................................................................................... 277
Routing Protocols .................................................................................................................... 287
Zones ...................................................................................................................................... 299
DDNS ...................................................................................................................................... 303
Virtual Servers .........................................................................................................................309
HTTP Redirect ........................................................................................................................321
ALG ......................................................................................................................................... 325
Firewall ..................................................................................................................................333
Firewall .................................................................................................................................. 335
VPN ........................................................................................................................................349
IPSec VPN ................... ... ........................................................... ... ... ... ... .................................. 351
SSL VPN .................................................................................................................................385
SSL User Screens ................................................................................................................... 395
SSL User Application Screens ................................................................................................ 401
SSL User File Sharing ............................................................................................................. 403
L2TP VPN ................................................................................................................................ 409
L2TP VPN Example ................................................................................................................. 415
Application Patrol ................................................................................................................441
Application Patrol ..................................................................................................................... 443
ZyWALL USG 100/200 Series User’s Guide
9
Contents Overview
Anti-X ....................................................................................................................................467
Anti-Virus ................................................................................................................................. 469
IDP ..........................................................................................................................................483
ADP ........................................................................................................................................ 513
Content Filtering .............................. ... ... ... ... .... ... ... .................................................................. 531
Content Filter Reports .... .... ..................................................................................................... 551
Anti-Spam ................................................................................................................................ 559
Device HA .............................................................................................................................573
Device HA ............................................................................................................................... 575
Objects ..................................................................................................................................591
User/Group .............................................................................................................................. 593
Addresses ............................................................................................................................... 607
Services ................................. ....................................................... ........................................... 613
Schedules ................................. ................................................. .............................................. 619
AAA Server ............................................................................................................................. 625
Authentication Method ........................................................................................................ ..... 635
Certificates ................................... ....................... ....................... ...................... ........................ 639
SSL Application ....................................................................................................................... 657
System ..................................................................................................................................663
System ................................................................................................................................... 665
Maintenance, Troubleshooting, & Specifications .............................................................703
File Manager ........................................................................................................................... 705
Logs ........................................................................................................................................ 715
Reports ................................................................................................................................... 727
Diagnostics .............................................................................................................................741
Reboot ..................................................................................................................................... 743
Troubleshooting ..................................................... .................................................................. 745
Product Specifications ............................................................................................................. 749
Appendices and Index .........................................................................................................757
10
ZyWALL USG 100/200 Series User’s Guide

Table of Contents

Table of Contents
About This User's Guide..........................................................................................................3
Document Conventions............................................................................................................5
Safety Warnings ........................................................................................................................7
Contents Overview ...................................................................................................................9
Table of Contents....................................................................................................................11
List of Figures.........................................................................................................................29
List of Tables...........................................................................................................................43
Part I: Getting Started............................................................................ 51
Chapter 1
Introducing the ZyWALL ........................................................................................................53
1.1 Overview and Key Default Settings ..................................................................................... 53
1.2 Front Panel LEDs .................................. .... ... ... ... .... ... ... ... .................................................... 53
1.3 Management Overview .......... .... ... ... ............................................................. .... ... ................54
1.4 Starting and Stopping the ZyWALL ...................................................... ... ... ... .... ... ... ... ... .... ... 55
Chapter 2
Features and Applications.....................................................................................................57
2.1 Features ... ... .... .......................................................... ... ... .... ... ... .......................................... 57
2.2 Packet Flow ........... .......................................................... .... ... ... ... ... .................................... 59
2.2.1 Interface to Interface (Through ZyWALL) ................................................................... 59
2.2.2 Interface to Interface (To/From ZyWALL) ................... ................................................ 60
2.2.3 Interface to Interface (From VPN Tunnel) .................................................................. 60
2.2.4 Interface to Interface (To VPN Tunnel) ....................................................................... 60
2.3 Applications ............................... ... ... ... .......................................................... .... ... ... .............60
2.3.1 VPN Connectivity ................................... ... .... ... ... ....................................................... 60
2.3.2 SSL VPN Network Access .................................. ... .... ................................................ 61
2.3.3 User-Aware Access Control ....................................................................................... 62
2.3.4 Multiple WAN Interfaces ................... ... ... ... .... ... ... ....................................................... 62
2.3.5 Device HA ........................................... ... ... .... ... ... ....................................................... 63
Chapter 3
Web Configurator....................................................................................................................65
ZyWALL USG 100/200 Series User’s Guide
11
Table of Contents
3.1 Web Configurator Requirements ......................................................................................... 65
3.2 Web Configurator Access ....................................................................................................65
3.3 Web Configurator Main Screen ...........................................................................................67
3.3.1 Title Bar ............................................ ... ... ... .... ... ... ... .................................................... 67
3.3.2 Navigation Panel ....................... ... .... ..........................................................................68
3.3.3 Main Window .......................... ... .......................................................... .... ... ... ... ... .......72
3.3.4 Message Bar ................ .... ... .......................................................... ... ... .... ... ................72
Chapter 4
Wizard Setup...........................................................................................................................75
4.1 Wizard Setup Overview ....................................................................................................... 75
4.2 Installation Setup, One ISP .................................................................................................76
4.3 Step 1 Internet Access ........................................... ... .......................................................... 77
4.3.1 Ethernet: Auto IP Address Assignment ...................................................................... 77
4.3.2 Ethernet: Static IP Address Assignment ............................................. .... ... ... ... ... .... ... 78
4.3.3 Step 2 Internet Access Ethernet ................................................... ... ... .... ... ... ... ..........79
4.3.4 PPPoE: Auto IP Address Assignment ........................................................................ 81
4.3.5 PPPoE: Static IP Address Assignment ...................................................................... 82
4.3.6 Step 2 Internet Access PPPoE ..................................................................................84
4.3.7 PPTP: Auto IP Address Assignment .......................................................................... 85
4.3.8 PPTP: Static IP Address Assignment ......................................................................... 88
4.3.9 Step 2 Internet Access PPTP ................... .... ... ... ... .... ... ... ... ... .................................... 89
4.3.10 Step 4 Internet Access - Finish ............................................................................... 90
4.4 Device Registration ..........................................................................................................91
4.5 Installation Setup, Two Internet Service Providers .............................................................. 92
4.5.1 Internet Access Wizard Setup Complete ................................................................... 94
4.6 VPN Setup ....................................... ... ... .... ... .......................................................... .............94
4.7 VPN Wizards ...................................................................................................................... 95
4.7.1 VPN Express Wizard .................................................................................................. 95
4.8 VPN Express Wizard - Remote Gateway ........................................................................... 96
4.8.1 VPN Express Wizard - Policy Setting ........................................................................ 97
4.8.2 VPN Express Wizard - Summary .................................................... ... .... ... ................98
4.8.3 VPN Express Wizard - Finish ....................................................................................99
4.8.4 VPN Advanced Wizard ........................ ... ... .......................................................... .... . 100
4.8.5 VPN Advanced Wizard - Remote Gateway ........... ............. ............. ............. .......... . 101
4.8.6 VPN Advanced Wizard - Phase 1 ........................................................................... 102
4.8.7 VPN Advanced Wizard - Phase 2 ........................................................................... 105
4.8.8 VPN Advanced Wizard - Summary .........................................................................106
4.8.9 VPN Advanced Wizard - Finish ............................................................................... 106
Chapter 5
Configuration Basics............................................................................................................109
5.1 Object-based Configuration ............................................................................................... 109
12
ZyWALL USG 100/200 Series User’s Guide
Table of Contents
5.2 Zones, Interfaces, and Physical Ports ................................................................................110
5.2.1 Interface Types .................................................... ... .... ... ... ... ... .... ... ... .........................110
5.2.2 Default Interface and Zone Configuration .................................................................111
5.3 Terminology in the ZyWALL ................................................................................................112
5.4 Feature Configuration Overview ........................................................................................113
5.4.1 Feature ................................................... ... .... ... ... ... ...................................................113
5.4.2 Interface ........................................... ... ... ... .... ... .........................................................114
5.4.3 Trunks .................................... ... ... .... ... ... ... .......................................................... ......114
5.4.4 IPSec VPN .......................................... ... .......................................................... ... .... ..114
5.4.5 SSL VPN ................... ... .......................................................... .... ... ............................115
5.4.6 L2TP VPN ........................................... ... ... .......................................................... .... ..115
5.4.7 Zones ........................................ ... ........................................................... ... ...............115
5.4.8 Device HA ........................................... ... ... .... ... .........................................................115
5.4.9 DDNS .............. .... ... ... ... .... ... ... .......................................................... ... ......................116
5.4.10 Policy Routes ..........................................................................................................116
5.4.11 Static Routes ...........................................................................................................117
5.4.12 Firewall ....................................................................................................................117
5.4.13 Application Patrol ....................................................................................................118
5.4.14 Anti-Virus .................................................................................................................118
5.4.15 IDP ..........................................................................................................................118
5.4.16 ADP .........................................................................................................................119
5.4.17 Content Filter ...........................................................................................................119
5.4.18 Anti-Spam ................................................................................................................119
5.4.19 Virtual Server (Port Forwarding) .......... ... .... ... ......................................................... 119
5.4.20 HTTP Redirect .......................................................................................................120
5.4.21 ALG ........................................................................................................................ 120
5.5 Objects .. ... ... .... .......................................................... ... ... .... ... ........................................... 121
5.5.1 User/Group ....................... ... ... .......................................................... ... .... ... ... ...........121
5.6 System Management and Maintenance ............................................................................122
5.6.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM .................. 122
5.6.2 File Manager ............................................. .... ... ... ... .... ... ... ... ... .... .............................. 122
5.6.3 Licensing Registration ......................................... ... .... ... ... ... ... .................................. 123
5.6.4 Licensing Update ......... .... ... ... ... ... .... ... .......................................................... ... ... .... . 123
5.6.5 Logs and Reports .....................................................................................................123
5.6.6 Diagnostics ................ ... .... ... ... ... ... ........................................................... ... ... ...........123
Chapter 6
Tutorials.................................................................................................................................125
6.1 How to Configure Ethernet Interfaces and Port Roles ....................................................... 125
6.1.1 How to Configure a WAN Ethernet Interface ............................................................ 125
6.1.2 How to Configure the OPT Interface for a Local Network ........................................ 126
6.1.3 How to Configure Port Roles ............................... ............. ............. ............. ............. . 128
6.2 How to Configure a Cellular Interface . ... .... ... ... ... .... ... ... ... .... .............................................. 129
ZyWALL USG 100/200 Series User’s Guide
13
Table of Contents
6.3 How to Set Up a WLAN Interface ...................................................................................... 131
6.3.1 How to Set Up User Accounts .................................................................................. 131
6.3.2 How to Create the WLAN Interface .......................................................................... 132
6.3.3 How to Set Up the Wireless Clients to Use the WLAN Interface .............................134
6.4 How to Set Up an IPSec VPN ...........................................................................................144
6.4.1 How to Set Up the VPN Gateway ............................................................................ 144
6.4.2 How to Set Up the VPN Connection ........................................................................145
6.4.3 How to Set Up the Policy Route for the VPN Tunnel .................... ... ........................146
6.4.4 How to Configure Security Policies for the VPN Tunnel ...........................................147
6.5 How to Configure User-aware Access Control .................................................................. 148
6.5.1 How to Set Up User Accounts .................................................................................. 148
6.5.2 How to Set Up User Groups .......................... ................... ................... ................ ..... 148
6.5.3 How to Set Up User Authentication Using the RADIUS Server ............................... 149
6.5.4 How to Set Up Web Surfing Policies With Bandwidth Restrictions .......................... 150
6.5.5 How to Set Up MSN Policies .................. ............. ............. ............. ............. ............. . 152
6.5.6 How to Set Up Firewall Rules .................................................................................. 153
6.6 How to Configure Load Balancing ..................................................................................... 154
6.6.1 How to Set Up Available Bandwidth on Ethernet Interfaces .................................... 155
6.6.2 How to Configure the Load Balancing in the WAN Trunk ........................................ 155
6.7 How to Configure Service Control .....................................................................................156
6.7.1 How to Allow HTTPS Administrator Access Only From the LAN ............................. 156
6.8 How to Allow Incoming H.323 Peer-to-peer Calls ........ ..................................................... 1 59
6.8.1 How to Turn On the ALG .......................................................................................... 160
6.8.2 How to Set Up a Virtual Server Policy For H.323 ..................................................... 160
6.8.3 How to Set Up a Firewall Rule For H.323 .............................. .... ... ... ... .... ... ... ... ........161
6.9 How to Use Device HA ...................................................................................................... 162
6.9.1 Before You Start ..... ... ... .... ... ... ... .......................................................... .... ... ... ... ... .....163
6.9.2 How to Configure Device HA on the Master ZyWALL .............................................. 163
6.9.3 How to Configure the Backup ZyWALL ....................................................................165
6.9.4 How to Deploy the Backup ZyWALL ........................................................................166
6.9.5 How to Check Your Device HA Setup .............................. ... ... .... .............................. 166
6.10 How to Allow Public Access to a Server ..........................................................................167
6.10.1 How to Create the Address Objects ....................................................................... 167
6.10.2 How to Configure a Virtual Server ..........................................................................168
Chapter 7
Status....................................................................................................................................171
7.1 Overview ............. .......................................................... ... .... ... ... ........................................ 171
7.1.1 What You Can Do in the Status Screens .................................................................. 171
7.2 The Status Screen .............................................................................................................171
7.2.1 The CPU Usage Screen ........................................................................................... 175
7.2.2 The Memory Usage Screen ............................................. ... ..................................... 176
7.2.3 The Session Usage Screen ............. ... ... ... .... ... ... ... .... .............................................. 177
14
ZyWALL USG 100/200 Series User’s Guide
Table of Contents
7.2.4 The VPN Status Screen ................... ... .......................................................... ... ... .... . 178
7.2.5 The DHCP Table Screen ..........................................................................................179
7.2.6 The Port Statistics Screen ................ ... ... ... .... ... ... ... .... .............................................. 180
7.2.7 The Port Statistics Graph Screen .................. ... ... ... .................................................. 181
7.2.8 The Current Users Screen ............................................... ... ... .... ... ... ........................ 182
7.2.9 The Cellular Status Detail Screen ............................................................................183
Chapter 8
Registration...........................................................................................................................185
8.1 Overview ............. .......................................................... ... .... ... ... ........................................ 185
8.1.1 What You Can Do in the Registration Screens ........................................................185
8.1.2 What you Need to Know About Service Registration .............................. ................. 185
8.2 The Registration Screen ....................................................................................................186
8.3 The Service Screen ...... .......................................................... ... ... ... .... ... ...........................189
Chapter 9
Signature Update..................................................................................................................191
9.1 Overview ............. .......................................................... ... .... ... ... ........................................ 191
9.1.1 What You Can Do in the Update Screens .................................................. ..............191
9.1.2 What you Need to Know About Signature Updates ................................................. 191
9.2 The Antivirus Update Screen ............................................................................................. 191
9.3 The IDP/AppPatrol Update Screen ............................... ....................... ...................... ........ 193
9.4 The System Protect Update Screen .................................................................................194
Part II: Network..................................................................................... 197
Chapter 10
Interface.................................................................................................................................199
10.1 Interface Overview ........................................................................................................... 199
10.1.1 What You Can Do in the Interface Screens .................... ... ..................................... 199
10.1.2 What You Need to Know About Interfaces .............................................................200
10.2 The Interface Status Screen ............................................................................................ 202
10.3 The Port Role Screen ......................................................................................................205
10.4 The Ethernet Summary Screen ............... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... ... ..............206
10.4.1 The Ethernet Edit Screen ..... ... ... .... ... ... ... .... ........................................................... 207
10.5 Interface Wizards ............................................................................................................. 214
10.5.1 Interface Wizard: OPT Interface First Screen ........................................................ 214
10.5.2 Interface Wizard: WAN Type ............. ................................................................ ..... 215
10.5.3 Interface Wizard: Non-WAN OPT Interface Setup ................................................. 215
10.5.4 Interface Wizard: WAN Zone and IP Address Assignment .................................... 216
10.5.5 Interface Wizard: WAN ISP Connection Settings ................................................... 217
ZyWALL USG 100/200 Series User’s Guide
15
Table of Contents
10.5.6 Interface Wizard: Summary (Non-WAN) ..................... ... ... ... .... ... ... ... .... .................219
10.5.7 Interface Wizard: Summary (WAN) ........................................................................ 219
10.6 The PPP Interfaces Screen .............................................................................................221
10.6.1 PPP Interface Edit Screen ..................................................................................... 222
10.7 Cellular Configuration Screen (3G) ................................................................................. 226
10.7.1 Cellular Add/Edit Screen ......................... ............................................................... 2 28
10.8 Cellular Status Screen .....................................................................................................231
10.9 WLAN Interface General Screen ..................................................................................... 233
10.9.1 WLAN Add/Edit Screen .. ... ... ... ... .... ........................................................................235
10.9.2 WLAN Add/Edit Screen: WEP Security .................................................................. 241
10.9.3 WLAN Add/Edit Screen: WPA-PSK/WPA2-PSK Security ...................................... 242
10.9.4 WLAN Add/Edit Screen: WPA/WPA2 Security ......................................... .............. 2 43
10.10 WLAN Interface MAC Filter Screen ............................................................................... 245
10.10.1 MAC Filter Add/Edit Screen ................................................................................. 245
10.11 WLAN Interface Station Monitor Screen ........................................................................246
10.12 VLAN Interface Screen .................................................................................................. 247
10.12.1 Configuring the VLAN Summary Screen ................... ............. ............. ............ ..... 2 49
10.12.2 Configuring the VLAN Add/Edit Screen ............................................................... 250
10.13 Bridge Interface Screen .................................................................................................255
10.13.1 Configuring the Bridge Summary Screen ............................................................. 256
10.13.2 Configuring the Bridge Add/Edit Screen ..............................................................257
10.14 Auxiliary Interface Screen ............................... ....................... ....................... ................. 261
10.15 Virtual Interface Screen .................................................................................................263
10.16 Interface Technical Reference ....................................................................................... 265
Chapter 11
Trunks ....................................................................................................................................269
11.1 Overview ..........................................................................................................................269
11.1.1 What You Can Do in the Trunk Screens ................................................................ . 269
11.1.2 What you Need to Know About Trunks ..................................................................269
11.2 The Trunk Summary Screen ............................................................................................272
11.2.1 The Trunk Edit Screen ........................................................................................... 273
11.3 Trunk Technical Reference .............................................................................................. 275
Chapter 12
Policy and Static Routes......................................................................................................277
12.1 Policy and Static Routes Overview .................................................................................. 277
12.1.1 What You Can Do in the Policy and Static Route Screens ..................................... 278
12.1.2 What You Need to Know About Policy and Static Routing ..................................... 278
12.2 Policy Route Screen ........................................................................................................ 279
12.2.1 Policy Route Edit Screen ....................................................................................... 281
12.3 IP Static Route Screen ....................................................................................................283
12.3.1 Static Route Add/Edit Screen .................................................................................284
16
ZyWALL USG 100/200 Series User’s Guide
Table of Contents
12.4 Policy Routing Technical Reference ................................................................................ 285
Chapter 13
Routing Protocols .................................................................................................................287
13.1 Routing Protocols Overview ............................................................................................287
13.1.1 What You Can Do in the RIP and OSPF Screens ....................................... ... ... .... . 287
13.1.2 What You Need to Know About Routing Protocols ................................................287
13.2 The RIP Screen ................ ... .... ... ... ... ... .... ... ... ............................................................. ..... 288
13.3 The OSPF Screen ................................................................................................... ... .....289
13.3.1 Configuring the OSPF Screen .................................. ......... .......... .......... ......... ........ 292
13.3.2 OSPF Area Add/Edit Screen ................................................................................. 293
13.4 Routing Protocol Technical Reference ............................................................................295
Chapter 14
Zones ....................................................................................................................................299
14.1 Zones Overview ............................................................................................................... 299
14.1.1 What You Can Do in the Zones Screens ................................................................ 299
14.1.2 What You Need to Know About Zones ................................................................... 300
14.2 The Zone Screen .................................................. ........................................................... 300
14.2.1 The Zone Edit Screen ....................................................... ... .... ... ... ... .... ... ... ... ... .....301
Chapter 15
DDNS......................................................................................................................................303
15.1 DDNS Overview ..............................................................................................................303
15.1.1 What You Can Do in the DDNS Screens ............................................................... 303
15.1.2 What You Need to Know About DDNS ...................................................................303
15.2 The DDNS Screen ...........................................................................................................304
15.2.1 The Dynamic DNS Add/Edit Screen ......................................................................305
15.3 The DDNS Status Screen ................................................................................................ 307
Chapter 16
Virtual Servers.......................................................................................................................309
16.1 Virtual Servers Overview ................................................................................................. 309
16.1.1 What You Can Do in the Virtual Server Screens .................................................... 309
16.1.2 What You Need to Know About Virtual Servers ..................................................... 309
16.2 The Virtual Server Screen ............................................................................................... 310
16.2.1 The Virtual Server Add/Edit Screen ........................................................................311
16.3 NAT 1:1 and NAT Loopback Examples ........................................................................... 313
Chapter 17
HTTP Redirect......................................................................................................................321
17.1 Overview .......................................................................................................................... 321
17.1.1 What You Can Do in the HTTP Redirect Screens .................................................. 321
ZyWALL USG 100/200 Series User’s Guide
17
Table of Contents
17.1.2 What You Need to Know About HTTP Redirect ..................................................... 322
17.2 The HTTP Redirect Screen ............................................................................................. 322
17.2.1 The HTTP Redirect Edit Screen .............................................................................323
Chapter 18
ALG ........................................................................................................................................325
18.1 ALG Overview .................................................................................................................325
18.1.1 What You Can Do in the ALG Screen .................................................................... 325
18.1.2 What You Need to Know About ALG ..................................................................... 326
18.1.3 Before You Begin ...................................................................................................328
18.2 The ALG Screen ..............................................................................................................328
18.3 ALG Technical Reference ................................................................................................330
Part III: Firewall .................................................................................... 333
Chapter 19
Firewall.................................................................................................................................335
19.1 Overview .......................................................................................................................... 335
19.1.1 What You Can Do in the Firewall Screens ............................................................. 335
19.1.2 What You Need to Know About the Firewall ..........................................................336
19.1.3 Firewall Rule Example Applications ....................................................................... 338
19.1.4 Firewall Rule Configuration Example ..................................................................... 340
19.2 The Firewall Screen ................. ... ... ... ... .............................................................. ... ... ........343
19.2.1 Configuring the Firewall Screen ............................... .............................................. 343
19.2.2 The Firewall Edit Screen ....................................................................................... . 346
Part IV: VPN .......................................................................................... 349
Chapter 20
IPSec VPN..............................................................................................................................351
20.1 IPSec VPN Overview ....................................................................................................... 351
20.1.1 What You Can Do in the IPSec VPN Screens ........................................................ 351
20.1.2 What You Need to Know About IPSec VPN ........................................................... 352
20.1.3 Before You Begin ...................................................................................................352
20.2 The VPN Connection Screen ..........................................................................................353
20.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 355
20.2.2 The VPN Connection Add/Edit Manual Key Screen ..............................................360
20.3 The VPN Gateway Screen ..............................................................................................363
20.3.1 The VPN Gateway Add/Edit Screen ...................................................................... 364
20.4 The VPN Concentrator Screen ........................................................................................369
18
ZyWALL USG 100/200 Series User’s Guide
Table of Contents
20.4.1 The VPN Concentrator Add/Edit Screen ........................................... .... ... ... ... ... .... . 370
20.5 The SA Monitor Screen ..................................................................................................371
20.6 IPSec VPN Background Information ............................................................................... 373
Chapter 21
SSL VPN.................................................................................................................................385
21.1 Overview .......................................................................................................................... 385
21.1.1 What You Can Do in the SSL VPN Screens ..........................................................385
21.1.2 What You Need to Know About SSL VPN ..............................................................385
21.2 The SSL Access Privilege Screen ................................................................................... 387
21.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 387
21.3 The SSL Connection Monitor Screen ..............................................................................389
21.4 The SSL Global Setting Screen .................. ... ... .... ........................................................... 390
21.4.1 How to Upload a Custom Logo .............................................................................. 392
21.5 Establishing an SSL VPN Connection ............................................................................. 392
Chapter 22
SSL User Screens.................................................................................................................395
22.1 Overview .......................................................................................................................... 395
22.1.1 What You Need to Know About the SSL User Screens .........................................395
22.2 Remote User Login .......................................................................................................... 396
22.3 The SSL VPN User Screens ...... ... ... ... .... ............................................................. ... ........398
22.4 Bookmarking the ZyWALL ...............................................................................................399
22.5 Logging Out of the SSL VPN User Screens .................................................................... 399
Chapter 23
SSL User Application Screens ............................................................................................401
23.1 SSL User Application Screens Overview ........................................................................401
23.2 The Application Screen ....... .... ... ... ... ... ............................................................................401
Chapter 24
SSL User File Sharing ..........................................................................................................403
24.1 Overview .......................................................................................................................... 403
24.1.1 What You Need to Know About the SSL VPN File Sharing ................................... 403
24.2 The Main File Sharing Screen ......................................................................................... 403
24.3 Opening a File or Folder ................................... ....................................................... ........404
24.3.1 Downloading a File ...................................... ......... ....... ......... .......... .......... ......... ..... 405
24.3.2 Saving a File .......................................................................................................... 405
24.4 Creating a New Folder ......................... ....................... ....................... ...................... ........406
24.5 Renaming a File or Folder ............................................................................................... 406
24.6 Deleting a File or Folder ..................................................................................................407
24.7 Uploading a File ............................. ....................... ...................... ....................... .............. 408
ZyWALL USG 100/200 Series User’s Guide
19
Table of Contents
Chapter 25
L2TP VPN...............................................................................................................................409
25.1 Overview .......................................................................................................................... 409
25.1.1 What You Can Do in the L2TP VPN Screens ......................................................... 409
25.1.2 What You Need to Know About L2TP VPN ................................................. ........... 409
25.2 L2TP VPN Screen ................................................................................................... ... ......411
25.3 L2TP VPN Session Monitor Screen ................................................................................ 412
Chapter 26
L2TP VPN Example...............................................................................................................415
26.1 L2TP VPN Example ....................... ... ... .... ... ... ... .... ... ... ..................................................... 415
26.2 Configuring the Default L2TP VPN Gateway Example .................................................... 415
26.3 Configuring the Default L2TP VPN Connection Example ................................................ 416
26.4 Configuring the L2TP VPN Settings Example ................................................................. 418
26.5 Configuring the Policy Route for L2TP Example ............................................................. 418
26.6 Configuring L2TP VPN in Windows XP and 2000 ...........................................................419
26.6.1 Configuring L2TP in Windows XP .......................................................................... 419
26.6.2 Configuring L2TP in Windows 2000 ............................................... ... .... ... ... ... ... .... . 425
Part V: Application Patrol.................................................................... 441
Chapter 27
Application Patrol.................................................................................................................443
27.1 Overview .......................................................................................................................... 443
27.1.1 What You Can Do in the Application Patrol Screens .............................................. 443
27.1.2 What You Need to Know About Application Patrol ................................................ 444
27.1.3 Application Patrol Bandwidth Management Examples ........................................... 448
27.2 Application Patrol General Screen .................................................................................. 451
27.3 Application Patrol Applications ........................................................................................ 453
27.3.1 The Application Patrol Edit Screen ........................................................................454
27.3.2 The Application Patrol Policy Edit Screen .............................................................456
27.4 The Other Applications Screen ........................................................................................458
27.4.1 The Other Applications Add/Edit Screen ................................................................ 460
27.5 Application Patrol Statistics .............................................................................................462
27.5.1 Application Patrol Statistics: General Setup ................... ... ... .... ... ... ... .... ... ... ...........462
27.5.2 Application Patrol Statistics: Bandwidth Statistics .......................................... ... .... . 463
27.5.3 Application Patrol Statistics: Protocol Statistics .....................................................464
Part VI: Anti-X....................................................................................... 467
20
ZyWALL USG 100/200 Series User’s Guide
Table of Contents
Chapter 28
Anti-Virus...............................................................................................................................469
28.1 Overview .......................................................................................................................... 469
28.1.1 What You Can Do in the Anti-Virus Screens ..........................................................469
28.1.2 What You Need to Know About Anti-Virus ............................................................. 470
28.1.3 Before You Begin ...................................................................................................471
28.2 Anti-Virus Summary Screen ............................................................................................ 4 71
28.2.1 Anti-Virus Policy Add or Edit Screen ...................................................................... 473
28.3 Anti-Virus Black List ......................................................................................................... 475
28.4 Anti-Virus Black List or White List Add/Edit ..................................................................... 476
28.5 Anti-Virus White List ................................ ... ... ... .... ... ... ... .................................................. 477
28.6 Signature Searching ........................................................................................................ 478
28.7 Anti-Virus Technical Reference ........................................................................................480
Chapter 29
IDP.........................................................................................................................................483
29.1 Overview .......................................................................................................................... 483
29.1.1 What You Can Do Using the IDP Screens ........................... .... ... ... ... .... ... ..............483
29.1.2 What You Need To Know About IDP ......................................................................483
29.1.3 Before You Begin ...................................................................................................484
29.2 The IDP General Screen .................................................................................................484
29.2.1 Configuring IDP Policies ........................................................................................ 486
29.3 Introducing IDP Profiles .................................................................................................487
29.3.1 Base Profiles .......................................................................................................... 487
29.4 The Profile Summary Screen .......................................................................................... 488
29.5 Creating New Profiles ......................................................................................................489
29.5.1 Procedure To Create a New Profile ........................................................................489
29.6 Profiles: Packet Inspection .............................................................................................490
29.6.1 Profile > Group View Screen .................................................................................. 490
29.6.2 Policy Types ...........................................................................................................493
29.6.3 IDP Service Groups ............................................................................................... 494
29.6.4 Profile > Query View Screen ..................................................................................495
29.6.5 Query Example ...................................................................................................... 497
29.7 Introducing IDP Custom Signatures ...............................................................................498
29.7.1 IP Packet Header ................................................................................................... 498
29.8 Configuring Custom Signatures ..................... ....................... ...................... ..................... 500
29.8.1 Creating or Editing a Custom Signature ................................................................ 501
29.8.2 Custom Signature Example ........................................... ... ..................................... 505
29.8.3 Applying Custom Signatures .................................................................................. 508
29.8.4 Verifying Custom Signatures ..................................................................................508
29.9 IDP Technical Reference .................................................................................................509
ZyWALL USG 100/200 Series User’s Guide
21
Table of Contents
Chapter 30
ADP .......................................................................................................................................513
30.1 Overview .......................................................................................................................... 513
30.1.1 ADP and IDP Comparison .....................................................................................513
30.1.2 What You Can Do Using the ADP Screens ........................................................... 513
30.1.3 What You Need To Know About ADP .....................................................................513
30.1.4 Before You Begin ...................................................................................................514
30.2 The ADP General Screen ........................ ................................................... ..................... 514
30.2.1 Configuring ADP Policies ............................... ........................................................ 515
30.3 The Profile Summary Screen .......................................................................................... 516
30.3.1 Base Profiles .......................................................................................................... 516
30.3.2 Configuring The ADP Profile Summary Screen ..................................................... 517
30.3.3 Creating New ADP Profiles ............................ ........................................................ 517
30.3.4 Traffic Anomaly Profiles ........................................................................................ 518
30.3.5 Protocol Anomaly Profiles ...... ... .... ... ... ... .......................................................... .... . 520
30.3.6 Protocol Anomaly Configuration .............................................................................521
30.4 Technical Reference ........................................................................................................523
Chapter 31
Content Filtering...................................................................................................................531
31.1 Overview .......................................................................................................................... 531
31.1.1 What You Can Do in the Content Filter Screens ............ ... ... .... ... ... ........................ 531
31.1.2 What You Need to Know About Content Filtering ..................................................531
31.1.3 Before You Begin ...................................................................................................532
31.2 Content Filter General Screen .................... ....................................................... ..............533
31.3 Content Filter Policy Add or Edit Screen .........................................................................535
31.4 Content Filter Profile Screen .......................................................................................... 536
31.5 Content Filter Categories Screen ...................................................................................536
31.6 Content Filter Customization Screen ..............................................................................543
31.7 Content Filter Cache Screen ...........................................................................................546
31.8 Content Filter Technical Reference ................................................................................. 548
Chapter 32
Content Filter Reports..........................................................................................................551
32.1 Overview .......................................................................................................................... 551
32.2 Viewing Content Filter Reports ............................................. ........................................... 551
32.3 Web Site Submission .......................................................................................................556
Chapter 33
Anti-Spam..............................................................................................................................559
33.1 Overview .......................................................................................................................... 559
33.1.1 What You Can Do in the Anti-Spam Screens .............................................. ........... 559
33.1.2 What You Need to Know About Anti-Spam ............................................................559
22
ZyWALL USG 100/200 Series User’s Guide
Table of Contents
33.2 Before You Begin ............................................................................................................. 561
33.3 The Anti-Spam General Screen ....................................................................................... 561
33.3.1 The Anti-Spam Policy Add or Edit Screen ................................................ .............. 563
33.4 The Anti-Spam Black List Screen ....................................................................................564
33.4.1 The Anti-Spam Black or White List Add/Edit Screen .............................................. 565
33.4.2 Regular Expressions in Black or White List Entries ............................................... 567
33.5 The Anti-Spam White List Screen .................................................................................... 567
33.6 The DNSBL Screen ......................................................................................................... 568
33.6.1 The DNSBL Add/Edit Screen ............................ ..................................................... 570
33.7 The Anti-Spam Status Screen .........................................................................................571
Part VII: Device HA............................................................................... 573
Chapter 34
Device HA.............................................................................................................................575
34.1 Overview .......................................................................................................................... 575
34.1.1 What You Can Do in the Device HA Screens .........................................................575
34.1.2 What You Need to Know About Device HA ............................................................ 575
34.1.3 Before You Begin ...................................................................................................576
34.2 Device HA General ..........................................................................................................576
34.3 The Active-Passive Mode Screen ...................................................................................578
34.3.1 Configuring Active-Passive Mode Device HA ........................................................ 579
34.4 Configuring an Active-Passive Mode Monitored Interface ............................................... 582
34.5 The Legacy Mode Screen ............................................................................................... 583
34.6 Configuring the Legacy Mode Screen ............................... ... ... ... ... .... ... ... ... .....................583
34.7 The Legacy Mode Add/Edit Screen ................................................................................. 585
34.8 Device HA Technical Reference ...................................................................................... 587
Part VIII: Objects.................................................................................. 591
Chapter 35
User/Group............................................................................................................................593
35.1 Overview .......................................................................................................................... 593
35.1.1 What You Can Do Using The User/Group Screens ...............................................593
35.1.2 What You Need To Know About User/Groups ........................................................ 593
35.2 User Summary Screen .................................................................................................... 595
35.2.1 User Add/Edit Screen ........................... .......... .......... ......... .......... .......... ......... ........ 596
35.3 User Group Summary Screen .........................................................................................598
35.3.1 Group Add/Edit Screen .......................................................................................... 598
35.4 Setting Screen ................................................................................................................ 599
ZyWALL USG 100/200 Series User’s Guide
23
Table of Contents
35.4.1 Force User Authentication Policy Add/Edit Screen ................................................ 602
35.4.2 User Aware Login Example ............... ... ... .... ... ........................................................ 603
35.5 User /Group Technical Reference ...................................................................................604
Chapter 36
Addresses.............................................................................................................................607
36.1 Overview .......................................................................................................................... 607
36.1.1 What You Can Do Using The Addresses Screens ... .............................................. 607
36.1.2 What You Need To Know About Addresses /Groups ............................................. 607
36.2 Address Summary Screen ....................... ........................................................................607
36.2.1 Address Add/Edit Screen .......................................................................................608
36.3 Address Group Summary Screen ............................... ....................... ......................... ..... 609
36.3.1 Address Group Add/Edit Screen ............................................................................610
Chapter 37
Services.................................................................................................................................613
37.1 Overview .......................................................................................................................... 613
37.1.1 What You Can Do in the Services Screens .......... .................................... .............. 613
37.1.2 What You Need to Know About Protocols ... ................................ ........................... 613
37.2 The Service Summary Screen ....................... .......................... .......................... .............. 614
37.2.1 The Service Add/Edit Screen ............................ ..................................................... 615
37.3 The Service Group Summary Screen ........................ ... .... ... ... ... ... .... ... ... ... .... .................616
37.3.1 The Service Group Add/Edit Screen ......................................................................617
Chapter 38
Schedules..............................................................................................................................619
38.1 Overview .......................................................................................................................... 619
38.1.1 What You Can Do in the Schedule Screens ...........................................................619
38.1.2 What You Need to Know About Schedules ....................................................... ..... 619
38.2 The Schedule Summary Screen ...................................................................................... 620
38.2.1 The One-Time Schedule Add/Edit Screen ............................................................. 621
38.2.2 The Recurring Schedule Add/Edit Screen ..... ... ..................................................... 6 22
Chapter 39
AAA Server...........................................................................................................................625
39.1 Overview .......................................................................................................................... 625
39.1.1 Directory Service (AD/LDAP) Overview ...................................................... ... ........625
39.1.2 RADIUS Server Overview ...................................................................................... 625
39.1.3 ASAS ...................................................................................................................... 626
39.1.4 What You Can Do Using The AAA Screens ........................................................... 626
39.1.5 What You Need To Know About AAA Servers .......................................................626
39.2 Active Directory or LDAP Default Server Screen ....................... ... .... ... ... ... .... ... ... ... ... .... . 627
39.2.1 Configuring Active Directory or LDAP Default Server Settings ................... ... ... .... . 628
24
ZyWALL USG 100/200 Series User’s Guide
Table of Contents
39.3 Active Directory or LDAP Group Summary Screen .........................................................629
39.3.1 Creating an Active Directory or LDAP Group ......................................................... 629
39.4 Configuring a Default RADIUS Server .............................................................................631
39.5 Configuring a Group of RADIUS Servers .......................................................................632
39.5.1 Adding a RADIUS Server Member .........................................................................632
Chapter 40
Authentication Method.........................................................................................................635
40.1 Overview .......................................................................................................................... 635
40.1.1 What You Can Do Using The Auth. Method Screens .. ... ........................................ 635
40.1.2 Before You Begin ...................................................................................................635
40.1.3 Example: Selecting a VPN Authentication Method ................................................635
40.2 Viewing Authentication Method Objects .......................................................................... 636
40.3 Creating an Authentication Method Object ...................................................................... 637
Chapter 41
Certificates ............................................................................................................................639
41.1 Overview .......................................................................................................................... 639
41.1.1 What You Can Do in the Certificate Screens ......................................................... 639
41.1.2 What You Need to Know About Certificates ........................................................... 639
41.1.3 Verifying a Certificate ............................................................................................. 641
41.2 The My Certificates Screen ............................................................................................. 642
41.2.1 The My Certificates Add Screen ............................................................................643
41.2.2 The My Certificates Edit Screen ........... .......................................................... ... .... . 646
41.2.3 The My Certificates Import Screen ........................................................................649
41.3 The Trusted Certificates Screen .....................................................................................650
41.3.1 The Trusted Certificates Edit Screen .................................................................... 651
41.3.2 The Trusted Certificates Import Screen ................................................................ 654
41.4 Certificates Technical Reference ..................................................................................... 655
Chapter 42
SSL Application ....................................................................................................................657
42.1 Overview .......................................................................................................................... 657
42.1.1 What You Can Do in the SSL Application Screens ........................ ... .... ... ... ... ... .... . 657
42.1.2 What You Need to Know About SSL Application Objects ...................................... 657
42.1.3 Example: Specifying a Web Site for Access .......................................................... 657
42.2 The SSL Application Screen .......................... ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... ... ... ... ... .... . 658
42.2.1 Creating/Editing a Web-based SSL Application Object ......................................... 659
42.2.2 Creating/Editing a File Sharing SSL Application Object ........................... ............. . 660
Part IX: System..................................................................................... 663
ZyWALL USG 100/200 Series User’s Guide
25
Table of Contents
Chapter 43
System.................................................................................................................................665
43.1 Overview .......................................................................................................................... 665
43.1.1 What You Can Do In The System Screens ............................................................ 665
43.2 Host Name ....................................................................................................................... 666
43.3 Date and Time ................................................................................................................ 666
43.3.1 Pre-defined NTP Time Servers List ............................................. ... ... .... ... ... ... ... .... . 668
43.3.2 Time Server Synchronization ................................................................................. 669
43.4 Console Port Speed .........................................................................................................670
43.5 DNS Overview .................................................................................................................670
43.5.1 DNS Server Address Assignment ..........................................................................670
43.5.2 Configuring the DNS Screen ................................ .......................................... ........ 671
43.5.3 Address Record ..................... ... .... ........................................................................673
43.5.4 PTR Record ........................................................................................................... 673
43.5.5 Adding an Address/PTR Record ............................................................................673
43.5.6 Domain Zone Forwarder ..................................... .... ... ........................................... 674
43.5.7 Adding a Domain Zone Forwarder ................................. ........................................ 674
43.5.8 MX Record ............................................................................................................675
43.5.9 Adding a MX Record .............................................................................................. 675
43.5.10 Adding a DNS Service Control Rule ...................... ... ... ... ... .... ... ... ... .... ... ... ... ... .... . 676
43.6 WWW Overview ..............................................................................................................676
43.6.1 Service Access Limitations .................................................................................... 677
43.6.2 System Timeout .....................................................................................................677
43.6.3 HTTPS ...................................................................................................................678
43.6.4 Configuring WWW ..................................................................................................679
43.6.5 Service Control Rules ............................................................................................ 681
43.6.6 HTTPS Example .................................................................................................... 682
43.7 SSH .............................................................................................................................. 689
43.7.1 How SSH Works ............... ... ... ... ........................................................... ... ... ... ... .... . 690
43.7.2 SSH Implementation on the ZyWALL ..................................................................... 691
43.7.3 Requirements for Using SSH .................................................................................691
43.7.4 Configuring SSH .................................................................................................... 691
43.7.5 Secure Telnet Using SSH Examples ...................................................................... 692
43.8 Telnet ..............................................................................................................................693
43.8.1 Configuring Telnet ..................................................................................................693
43.9 FTP .................................................................................................................................694
43.9.1 Configuring FTP ..................................................................................................... 695
43.10 SNMP ........................................................................................................................... 696
43.10.1 Supported MIBs ................................................................................................... 697
43.10.2 SNMP Traps ......................................................................................................... 697
43.10.3 Configuring SNMP ............................................................................................... 698
43.11 Dial-in Management ............................... ... ... ... .... ... ... ... .... ... ... ... ... .... ..............................699
43.11. 1 Configuring Dial-in Mgmt .......... .... ... ... ... .... ... ... ..................................................... 6 99
26
ZyWALL USG 100/200 Series User’s Guide
Table of Contents
43.12 Vantage CNM ...............................................................................................................700
43.12.1 Configuring Vantage CNM ...................................................................................700
43.13 Language Screen .........................................................................................................702
Part X: Maintenance, Troubleshooting, & Specifications................. 703
Chapter 44
File Manager.........................................................................................................................705
44.1 Overview .......................................................................................................................... 705
44.1.1 What You Can Do in the File Manager Screens ..................................................... 705
44.1.2 What you Need to Know About the File Manager .................................................. 705
44.2 The Configuration File Screen .............................. ...................................................... .....707
44.3 The Firmware Package Screen ...................................................................................... 710
44.4 The Shell Script Screen .......................... ....................................................... .................712
Chapter 45
Logs ......................................................................................................................................715
45.1 Overview .......................................................................................................................... 715
45.2 What You Can Do In The Log Screens ............................................................................ 715
45.3 View Log Screen ................................................... ........................................................... 715
45.4 Log Setting Screens .......................................................................................................717
45.4.1 Log Setting Summary .............................................................................................718
45.4.2 Edit System Log Settings ...................................................................................... 719
45.4.3 Edit Remote Server Log Settings .......................................................................... 722
45.4.4 Active Log Summary Screen ................................ ............. .......... ............. ............. . 724
Chapter 46
Reports .................................................................................................................................727
46.1 Overview .......................................................................................................................... 727
46.1.1 What You Can Do in the Report Screens ............. ................................. ................. 727
46.2 The Traffic Statistics Screen ............................................................................................ 727
46.3 The Session Screen .......................................................................................................730
46.4 The Anti-Virus Report Screen .......................................................................................... 732
46.5 The IDP Report Screen ................................................................................................... 733
46.6 The Anti-Spam Report Screen .........................................................................................735
46.7 The Email Daily Report Screen ....................................................................................... 737
Chapter 47
Diagnostics...........................................................................................................................741
47.1 The Diagnostics Screen ..................................................................................................741
ZyWALL USG 100/200 Series User’s Guide
27
Table of Contents
Chapter 48
Reboot....................................................................................................................................743
48.1 Overview .......................................................................................................................... 743
48.1.1 What You Need To Know About Reboot ................................................................ 743
48.2 The Reboot Screen .........................................................................................................743
Chapter 49
Troubleshooting....................................................................................................................745
49.1 Resetting the ZyWALL ..................................................................................................... 748
49.2 Getting More Troubleshooting Help ................................................................................. 748
Chapter 50
Product Specifications.........................................................................................................749
50.1 General Specifications ..................................................................................................... 749
50.2 3G or WLAN PCMCIA Card Installation .......................................................................... 754
50.3 Power Adaptor Specifications .......................................................................................... 754
Part XI: Appendices and Index ........................................................... 757
Appendix A Log Descriptions ...............................................................................................759
Appendix B Common Services.............................................................................................815
Appendix C Displaying Anti-Virus Alert Messages in Windows............................................819
Appendix D Importing Certificates........................................................................................825
Appendix E Wireless LANs ..................................................................................................831
Appendix F Open Software Announcements .......................................................................845
Appendix G Legal Information..............................................................................................873
Appendix H Customer Support.............................................................................................877
Index.......................................................................................................................................883
28
ZyWALL USG 100/200 Series User’s Guide

List of Figures

List of Figures
Figure 1 ZyWALL USG 200 Front Panel ................................................................................................53
Figure 2 ZyWALL USG 100 Front Panel ................................................................................................54
Figure 3 Managing the ZyWALL: Web Configurator ............................................................................... 55
Figure 4 Applications: VPN Connectivity ................................................................................................ 61
Figure 5 Network Access Mode: Reverse Proxy ...................................................................................61
Figure 6 Network Access Mode: Full Tunnel Mode ............................... ................................................ 62
Figure 7 Applications: User-Aware Access Control ................................................................................ 62
Figure 8 Applications: Multiple WAN Interfaces ...................................... ... ............................................. 63
Figure 9 Applications: Device HA ........................................................................................................... 63
Figure 10 Login Screen .................................................. ... ....................................................................66
Figure 11 Update Admin Info Screen ..................................................................................................... 66
Figure 12 Main Screen .......................................................................................................................... 67
Figure 13 Message Bar .......................................................................................................................... 72
Figure 14 Warning Messages ................................................................................................................ 73
Figure 15 CLI Messages ........................................................................................................................ 73
Figure 16 Wizard Setup Welcome ......................................................................................................76
Figure 17 Internet Access: Step 1 ......................................................................................................... 76
Figure 18 Ethernet Encapsulation: Auto: Finish ..................................................................................... 78
Figure 19 Ethernet Encapsulation: Static ........ ... ... ... .... ... ... ... .... ... ... ... .................................................... 79
Figure 20 Ethernet Encapsulation: Static: Finish .................................................................................80
Figure 21 PPPoE Encapsulation: Auto ................................................................................................... 81
Figure 22 PPPoE Encapsulation: Auto: Finish ....................................................................................... 82
Figure 23 PPPoE Encapsulation: Static .................................................................................................83
Figure 24 PPPoE Encapsulation: Static: Finish ...................................................................................... 85
Figure 25 PPTP Encapsulation: Auto ..................................................................................................... 86
Figure 26 PPTP Encapsulation: Auto: Finish .......................................................................................... 87
Figure 27 PPTP Encapsulation: S tatic ....................................................................................................88
Figure 28 PPTP Encapsulation: Static: Finish ....................................................................................... 90
Figure 29 Registration ............................................................................................................................ 91
Figure 30 Registration: Registered Device ............................................................................................. 92
Figure 31 Internet Access: Step 1: First WAN Interface ..................................... ....................................93
Figure 32 Internet Access: Step 3: Second WAN Interface .......................................................... .......... 93
Figure 33 Internet Access: Finish .......................................................................................................... 94
Figure 34 VPN Wizard: Wizard Type .................................................. .................................................... 95
Figure 35 VPN Express Wizard: Step 2 ................................................................................................. 96
Figure 36 VPN Express Wizard: Step 3 .................................................................................................. 97
Figure 37 VPN Express Wizard: Step 4 ................................................................................................. 98
Figure 38 VPN Express Wizard: Step 6 ................................................................................................. 99
ZyWALL USG 100/200 Series User’s Guide
29
List of Figures
Figure 39 VPN Advanced Wizard: Step 2 ............................................................................................ 100
Figure 40 VPN Advanced Wizard: Step 3 ............................................................................................. 101
Figure 41 VPN Advanced Wizard: Step 4 ............................................................................................ 103
Figure 42 VPN Advanced Wizard: Step 5 ............................................................................................. 105
Figure 43 VPN Wizard: Step 6: Advanced ............................................................................................107
Figure 44 Zones, Interfaces, and Physical Ethernet Ports ..................................................................110
Figure 45 Default Network Topology .....................................................................................................111
Figure 46 Port Role and Ethernet Interface Configuration Example .................................................... 125
Figure 47 Network > Interface > Ethernet > Edit wan1 ........................................................................ 126
Figure 48 Network > Interface > Ethernet > Edit opt ...........................................................................127
Figure 49 Network > Interface > Ethernet > Edit opt > More Settings ................................................. 128
Figure 50 Network > Interface > Port Roles (Configured) .................... ... ... ... ..................................... 128
Figure 51 Network > Interface > Cellular ............................................................................................. 129
Figure 52 Network > Interface > Cellular > Edit ...................................................................................130
Figure 53 Status .................................................................................................................................. 131
Figure 54 Object > User/Group > User > Add ...................................................................................... 132
Figure 55 Network > Interface > WLAN > Add (WPA/WPA2 Security) ................................................ 133
Figure 56 Network > Interface > WLAN ............................................................................................... 133
Figure 57 ZyXEL Wireless Client .......................................................................................................... 134
Figure 58 ZyXEL Wireless Client > Profile ........................................................................................... 135
Figure 59 ZyXEL Wireless Client > Profile: Security Type .................................................................... 135
Figure 60 ZyXEL Wireless Client > Profile: Security Settings .............................................................. 136
Figure 61 ZyXEL Wireless Client > Profile: Save ................................................................................. 136
Figure 62 ZyXEL Wireless Client > Profile: Activate .............................................................................136
Figure 63 ZyXEL Wireless Client > Profile: Activate .............................................................................137
Figure 64 Odyssey Access Client Manager > Profiles ......................................................................... 137
Figure 65 Odyssey Access Client Manager > Profiles > User Info ......................................................138
Figure 66 Odyssey Access Client Manager > Profiles > Authentication ............................................. 138
Figure 67 Odyssey Access Client Manager > Profiles > Authentication ............................................. 139
Figure 68 Odyssey Access Client Manager > Networks ..................................................................... 139
Figure 69 Odyssey Access Client Manager > Networks > Add ........................................................... 140
Figure 70 Internet Explorer: Tools > Internet Options > Content ......................................................... 140
Figure 71 Internet Explorer: Tools > Internet Options > Content > Certificates .................................... 141
Figure 72 Internet Explorer Certificate Import Wizard File Open Screen ............................................. 141
Figure 73 Internet Explorer Certificate Import Wizard Certificate Store Screen ...................................142
Figure 74 Internet Explorer Certificate Import Wizard Security Warning Screen ..................................142
Figure 75 Internet Explorer: Trusted Root Certification Authorities .............................................. ... .... . 143
Figure 76 Object > Certificate > My Certificates ................................................................................ 143
Figure 77 Funk Odyssey Access Wireless Client Login Example .................. ... .... ... ... ... .... ... ... ... ... .....144
Figure 78 VPN Example ........................ ... .... ... ... ... ... .... ... ... ... .... ........................................................... 144
Figure 79 VPN > IPSec VPN > VPN Gateway > Add ........................................................................... 145
Figure 80 Object > Address > Address > Add ......................................................................................145
Figure 81 VPN > IPSec VPN > VPN Connection > Add ....................................................................... 146
30
ZyWALL USG 100/200 Series User’s Guide
Loading...
+ 872 hidden pages