ZyXEL Communications ZyWALL 1000 User Manual

ZyWALL USG 1000
Unified Security Gateway

User’s Guide

Version 2.00 10/2007 Edition 1
LAN Port P1
IP Address http://192.168.1.1
User Name admin
Password 1234
www.zyxel.com

About This User's Guide

This manual is designed to guide you through the configuration of your ZyWALL for its various applications. Generally, it is organized as follows.
• Introduction (ZyWALL, web configurator)
• Features (by menu item in the web configurator)
• Overview, including background
• Web Configurator screens
• Appendices
Intended Audience
This manual is intended for network administrators, or people who have a good knowledge of TCP/IP networking concepts and topology, who want to configure the ZyWALL using the web configurator.
1 Read Chapter 1 on page 53 for an overview of features available on the ZyWALL.
2 Read Chapter 3 on page 65 for web browser requirements and an introduction to the main components, icons and menus in the ZyWALL web configurator.
3 Read Chapter 4 on page 75 if you’re using the wizards for first time setup and you want more detailed information than what the real time online help provides.
4 It is highly recommended you read Chapter 5 on page 111 for detailed information on essential terms used in the ZyWALL, what prerequisites are needed to configure a feature and how to use that feature.
5 It is highly recommended you read Chapter 6 on page 125 for multiple ZyWALL application examples.
6 Subsequent chapters are arranged by menu item as defined in the web configurator. Read each chapter carefully for detailed information on that menu item.
Related Documentation
• Quick Start Guide: The Quick Start Guide is designed to show you how to make the ZyWALL hardware connections, rack mounting and access the web configurator wizards. (See the wizard real time help for information on configuring each screen.) It contains a connection diagram, default settings, handy checklists and information on setting up your network and configuring for Internet access.
• Configuration Reference Card: See this handy reference card to see what prerequisites are needed to configure a feature and how to use this feature in the ZyWALL.
• CLI Reference Guide: The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL.
Note: It is recommended you use the web configurator to configure the ZyWALL.
• Web Configurator Online Help: Click the help icon in any screen for help in configuring that screen and supplementary information.
• Supporting Disk: Refer to the included CD for support documents.
• ZyXEL Web Site: Please refer to www.zyxel.com for additional support documentation and product certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw

Document Conventions

Warnings and Notes
This is how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZyWALL USG1000 may be referred to as the “ZyWALL”, the “device”, the “system” or the “product” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.
ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose of them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
This product is recyclable. Dispose of it properly.

Contents Overview

Introduction
• Introducing the ZyWALL
• Features and Applications
• Web Configurator
• Wizard Setup
• Configuration Basics
• Tutorials
• Status
• Registration
• Update
Network
• Interface
• Trunks
• Policy and Static Routes
• Routing Protocols
• Zones
• DDNS
• Virtual Servers
• HTTP Redirect
• ALG
Firewall and VPN
• Firewall
• IPSec VPN
• SSL VPN
• SSL User Screens
• SSL User Application Screens
• SSL User File Sharing Screens
• L2TP VPN
• L2TP VPN Example
Application Patrol & Anti-X
• Application Patrol
• Anti-Virus
• IDP
• ADP
• Content Filter Screens
• Content Filter Reports
Device HA & Objects
• Device HA
• User/Group
• Addresses
• Services
• Schedules
• AAA Server
• Authentication Objects
• Certificates
• ISP Accounts
• SSL Application
System
• System
• Service Control
Maintenance & Troubleshooting
• File Manager
• Logs
• Reports
• Diagnostics
• Reboot
• Troubleshooting
Appendices and Index

Table of Contents

About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
List of Figures
List of Tables
Part I: Introduction
Chapter 1: Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Front Panel LEDs
1.3 Management Overview
1.4 Starting and Stopping the ZyWALL
Chapter 2: Features and Applications
2.1 Features
2.2 Packet Flow
2.2.1 Interface to Interface (Through ZyWALL)
2.2.2 Interface to Interface (To/From ZyWALL)
2.2.3 Interface to Interface (From VPN Tunnel)
2.2.4 Interface to Interface (To VPN Tunnel)
2.3 Applications
2.3.1 VPN Connectivity
2.3.2 SSL VPN Network Access
2.3.3 User-Aware Access Control
2.3.4 Multiple WAN Interfaces
2.3.5 Device HA
Chapter 3: Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Main Screen
3.3.1 Title Bar
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Message Bar
Chapter 4: Wizard Setup
4.1 Wizard Setup Overview
4.2 Installation Setup, One ISP
4.3 Step 1 Internet Access
4.3.1 Ethernet: Auto IP Address Assignment
4.3.2 Ethernet: Static IP Address Assignment
4.3.3 Step 2 Internet Access Ethernet
4.3.4 PPPoE: Auto IP Address Assignment
4.3.5 PPPoE: Static IP Address Assignment
4.3.6 Step 2 Internet Access PPPoE
4.3.7 PPTP: Auto IP Address Assignment
4.3.8 PPTP: Static IP Address Assignment
4.3.9 Step 2 Internet Access PPTP
4.3.10 Step 4 Internet Access - Finish
4.4 Device Registration
4.5 Installation Setup, Two Internet Service Providers
4.5.1 Internet Access Wizard Setup Complete
4.6 VPN Setup
4.7 VPN Wizards
4.7.1 VPN Express Wizard
4.8 VPN Express Wizard - Remote Gateway
4.8.1 VPN Express Wizard - Policy Setting
4.8.2 VPN Express Wizard - Summary
4.8.3 VPN Express Wizard - Finish
4.8.4 VPN Advanced Wizard
4.8.5 VPN Advanced Wizard - Remote Gateway
4.8.6 VPN Advanced Wizard - Phase 1
4.8.7 VPN Advanced Wizard - Phase 2
4.8.8 VPN Advanced Wizard - Summary
4.8.9 VPN Advanced Wizard - Finish
Chapter 5: Configuration Basics
5.1 Granular Configuration
5.2 Terminology in the ZyWALL
5.3 Physical Ports, Interfaces, and Zones
5.3.1 Network Topology Example
5.4 Feature Configuration Overview
5.4.1 Feature
5.4.2 Interface
5.4.3 Trunks
5.4.4 IPSec VPN
5.4.5 SSL VPN
5.4.6 L2TP VPN
5.4.7 Zones
5.4.8 Device HA
5.4.9 DDNS
5.4.10 Policy Routes
5.4.11 Static Routes
5.4.12 Firewall
5.4.13 Application Patrol
5.4.14 Anti-Virus
5.4.15 IDP
5.4.16 ADP
5.4.17 Content Filter
5.4.18 Virtual Server (Port Forwarding)
5.4.19 HTTP Redirect
5.4.20 ALG
5.5 Objects
5.5.1 User/Group
5.6 System Management and Maintenance
5.6.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM
5.6.2 File Manager
5.6.3 Licensing Registration
5.6.4 Licensing Update
5.6.5 Logs and Reports
5.6.6 Diagnostics
Chapter 6: Tutorials
6.1 Interfaces and Zones
6.1.1 Set up Port Grouping
6.1.2 Set up Ethernet Interfaces
6.1.3 WAN Trunk
6.1.4 Zones
6.2 IPSec VPN
6.2.1 Set up the Ethernet Interfaces and Zones
6.2.2 Set up the VPN Gateway
6.2.3 Set up the VPN Connection
6.2.4 Set up the Policy Route for the VPN Tunnel
6.2.5 Set up the Zone for the VPN Tunnel
6.3 Device HA
6.3.1 Set up DNS for the Virtual Router
6.3.2 Set up the VRRP Groups on the Master
6.3.3 Set up the Password for Synchronization
6.3.4 Finish Configuring the Master
6.3.5 Set up the Ethernet Interfaces on the Backup
6.3.6 Set up the VRRP Groups on the Backup
6.3.7 Synchronize the Backup
6.4 User-Aware Access Control
6.4.1 Set up User Accounts
6.4.2 Set up User Groups
6.4.3 Set up User Authentication Using the RADIUS Server
6.4.4 Set up Web Surfing Policies With Bandwidth Restrictions
6.4.5 Set up MSN Policies
6.4.6 Set up LAN-to-DMZ Policies
6.5 Trunks
6.5.1 Set up Available Bandwidth on Ethernet Interfaces
6.5.2 Change WAN Trunk Algorithm
6.6 NAT 1:1 Example
6.6.1 NAT 1:1 Address Objects
6.6.2 NAT 1:1 Virtual Server
6.6.3 NAT 1:1 Policy Route
6.6.4 NAT 1:1 Firewall Rule
6.7 NAT Loopback
6.7.1 NAT Loopback Virtual Server
6.7.2 NAT Loopback Policy Route
6.8 Service Control and the Firewall
6.8.1 Allowing HTTPS Administrator Access Only From the LAN
Chapter 7: Status
7.1 Status Screen
7.2 VPN Status
7.3 DHCP Table
7.4 Port Statistics
7.5 Current Users .................................................................................................................... 163
Chapter 8
Registration........................................................................................................................... 165
8.1 myZyXEL.com Overview ................................................................................................... 165
8.1.1 Subscription Services Available on the ZyWALL ..................................................... 165
8.2 Registration ....................................................................................................................... 166
8.3 Service .............................................................................................................................. 168
Chapter 9
Update....................................................................................................................................171
9.1 Updating Anti-virus Signatures .......................................................................................... 171
9.2 Updating IDP and Application Patrol Signatures .............................................................. 173
9.3 Updating System Protect Signatures ................................................................................ 175
Part II: Network..................................................................................... 177
Chapter 10
Interface................................................................................................................................. 179
10.1 Interface Overview ........................................................................................................... 179
10.1.1 Types of Interfaces ................................................................................................. 179
10.1.2 IP Address Assignment .......................................................................................... 180
10.1.3 Interface Parameters .............................................................................................. 182
10.1.4 DHCP Settings ....................................................................................................... 182
10.1.5 Ping Check Settings ............................................................................................... 183
10.1.6 Relationships Between Interfaces .......................................................................... 184
10.2 Ethernet Interfaces .......................................................................................................... 184
10.2.1 Ethernet Interfaces Overview ................................................................................. 184
10.2.2 Interface Summary Screen .................................................................................... 185
10.2.3 Ethernet Summary Screen ..................................................................................... 188
10.2.4 Ethernet Edit ......................................................................................................... 189
10.3 Port Grouping ................................................................................................................. 194
10.3.1 Port Grouping Overview ......................................................................................... 194
10.3.2 Port Grouping Screen ............................................................................................ 195
10.4 VLAN Interfaces ............................................................................................................. 196
10.4.1 VLAN Overview ...................................................................................................... 196
10.4.2 VLAN Interfaces Overview ..................................................................................... 198
10.4.3 VLAN Summary Screen ......................................................................................... 198
10.4.4 VLAN Add/Edit ...................................................................................................... 199
10.5 Bridge Interfaces ............................................................................................................ 203
10.5.1 Bridge Overview ..................................................................................................... 204
10.5.2 Bridge Interface Overview ...................................................................................... 205
10.5.3 Bridge Summary .................................................................................................... 205
10.5.4 Bridge Add/Edit ..................................................................................................... 206
10.6 PPPoE/PPTP Interfaces ................................................................................................. 210
10.6.1 PPPoE/PPTP Overview ......................................................................................... 210
10.6.2 PPPoE/PPTP Interfaces Overview .........................................................................211
10.6.3 PPPoE/PPTP Interface Summary .......................................................................... 212
10.6.4 PPPoE/PPTP Interface Add/Edit ........................................................................... 213
10.7 Auxiliary Interface ........................................................................................................... 215
10.7.1 Auxiliary Interface Overview ................................................................................... 215
10.7.2 Auxiliary .................................................................................................................. 215
10.8 Virtual Interfaces ............................................................................................................. 217
10.8.1 Virtual Interfaces Add/Edit ...................................................................................... 217
Chapter 11
Trunks ....................................................................................................................................219
11.1 Trunks Overview .............................................................................................................. 219
11.2 Trunk Scenario Examples ................................................................................................ 219
11.3 Load Balancing Introduction ............................................................................................ 219
11.4 Load Balancing Algorithms .............................................................................................. 220
11.4.1 Least Load First ...................................................................................................... 220
11.4.2 Weighted Round Robin .......................................................................................... 221
11.4.3 Spillover .................................................................................................................. 221
11.5 Trunk Summary ............................................................................................................... 222
11.6 Configuring a Trunk ........................................................................................................ 222
Chapter 12
Policy and Static Routes......................................................................................................225
12.1 Policy Route .................................................................................................................... 225
12.1.1 Benefits .................................................................................................................. 225
12.2 Routing Policy .................................................................................................................. 225
12.2.1 NAT and SNAT ....................................................................................................... 226
12.2.2 Port Triggering ....................................................................................................... 226
12.2.3 Maximize Bandwidth Usage ................................................................................... 227
12.2.4 Reserving Bandwidth for Non-Bandwidth Class Traffic .......................................... 227
12.3 IP Routing Policy Setup ...................................................................................................227
12.4 Policy Route Edit ............................................................................................................ 229
12.5 IP Static Routes .............................................................................................................. 232
12.6 Static Route Summary ..................................................................................................... 233
12.7 Edit a Static Route .......................................................................................................... 233
Chapter 13
Routing Protocols.................................................................................................................235
13.1 Routing Protocols Overview ............................................................................................ 235
13.1.1 RIP Overview ......................................................................................................... 235
13.1.2 Authentication Types .............................................................................................. 236
13.2 RIP Screen ...................................................................................................................... 236
13.3 OSPF Overview .............................................................................................................. 237
13.3.1 OSPF Areas ........................................................................................................... 238
13.3.2 OSPF Routers ........................................................................................................ 239
13.3.3 Virtual Links ............................................................................................................ 240
13.3.4 OSPF Configuration ............................................................................................... 240
13.4 OSPF Screens ................................................................................................................. 241
13.4.1 OSPF Summary ..................................................................................................... 241
13.4.2 OSPF Area Add/Edit ............................................................................................. 242
Chapter 14
Zones ....................................................................................................................................245
14.1 Zones Overview ............................................................................................................... 245
14.1.1 Effect of Zones on Different Types of Traffic .......................................................... 245
14.2 Zone Summary ................................................................................................................ 246
14.3 Zone Add/Edit ................................................................................................................. 247
Chapter 15
DDNS...................................................................................................................................... 249
15.1 DDNS Overview .............................................................................................................. 249
15.1.1 DYNDNS Wildcard ................................................................................................. 249
15.1.2 High Availability (HA) ............................................................................................. 250
15.1.3 Mail Exchanger ...................................................................................................... 250
15.2 DDNS Screens ................................................................................................................ 250
15.3 DDNS Summary ..............................................................................................................251
15.4 Dynamic DNS Add/Edit .................................................................................................. 252
Chapter 16
Virtual Servers....................................................................................................................... 255
16.1 Virtual Server Overview ...................................................................................................255
16.2 Virtual Server Example ....................................................................................................256
16.3 Virtual Server Screens ..................................................................................................... 256
16.4 Virtual Server Summary Screen ...................................................................................... 256
16.4.1 Virtual Server Add/Edit .......................................................................................... 258
Chapter 17
HTTP Redirect ...................................................................................................................... 261
17.1 HTTP Redirect Overview ................................................................................................. 261
17.1.1 Web Proxy Server .................................................................................................. 261
17.2 HTTP Redirect, Firewall and Policy Route ...................................................................... 261
17.3 Configuring HTTP Redirect ............................................................................................. 262
17.4 HTTP Redirect Edit ......................................................................................................... 263
Chapter 18
ALG ........................................................................................................................................265
18.1 ALG Introduction .............................................................................................................. 265
18.1.1 Application Layer Gateway (ALG) and NAT ........................................................... 265
18.1.2 ALG and Trunks ..................................................................................................... 265
18.1.3 FTP ........................................................................................................................ 266
18.1.4 H.323 ...................................................................................................................... 266
18.1.5 RTP ........................................................................................................................ 266
18.1.6 SIP ......................................................................................................................... 267
18.2 Peer-to-Peer Calls and the ZyWALL ............................................................................... 268
18.2.1 VoIP Calls from the WAN with Multiple Outgoing Calls .......................................... 268
18.2.2 VoIP with Multiple WAN IP Addresses ................................................................... 268
18.3 ALG Screen ..................................................................................................................... 269
18.4 WAN to LAN SIP Peer-to-peer Calls Example ................................................................ 271
Part III: Firewall and VPN..................................................................... 275
Chapter 19
Firewall.................................................................................................................................277
19.1 Firewall Overview ............................................................................................................ 277
19.2 Firewall Rules .................................................................................................................. 278
19.2.1 Rule Directions ....................................................................................................... 278
19.2.2 Firewall and VPN Traffic ......................................................................................... 280
19.3 Firewall Rule Example Applications ................................................................................ 280
19.4 Alerts ............................................................................................................................... 282
19.5 Asymmetrical Routes .......................................................................................................282
19.5.1 Virtual Interfaces and Asymmetrical Routes .......................................................... 283
19.6 Configuring the Firewall ................................................................................................... 283
19.6.1 Edit a Firewall Rule ................................................................................................ 286
19.7 Firewall Rule Configuration Example .............................................................................. 287
Chapter 20
IPSec VPN..............................................................................................................................291
20.1 IPSec VPN Overview ....................................................................................................... 291
20.1.1 IPSec SA Overview ................................................................................................ 292
20.1.2 Additional Topics for IPSec SA ............................................................................... 294
20.2 VPN Related Configuration ............................................................................................. 296
20.3 VPN Connection Screens ................................................................................................ 297
20.3.1 VPN Connection Summary .................................................................................... 297
20.3.2 VPN Connection Add/Edit IKE .............................................................................. 298
20.3.3 VPN Connection Add/Edit Manual Key .................................................................. 302
20.4 VPN Gateway Screens ................................................................................................... 306
20.4.1 IKE SA Overview .................................................................................................... 306
20.4.2 Additional Topics for IKE SA .................................................................................. 310
20.4.3 VPN Gateway Summary ........................................................................................ 312
20.4.4 VPN Gateway Add/Edit ......................................................................................... 313
20.5 VPN Concentrator ........................................................................................................... 318
20.5.1 VPN Concentrator Summary .................................................................................. 319
20.5.2 VPN Concentrator Add/Edit .................................................................................. 319
20.6 SA Monitor Screen ......................................................................................................... 320
20.6.1 Regular Expressions in Searching IPSec SAs by Name or Policy ......................... 322
Chapter 21
SSL VPN................................................................................................................................. 323
21.1 SSL Access Policy ........................................................................................................... 323
21.1.1 SSL Access Policy Objects .................................................................................... 323
21.1.2 SSL Access Policy Limitations ............................................................................... 324
21.2 SSL Access Privilege List ................................................................................................ 324
21.3 Creating/Editing an SSL Access Policy .......................................................................... 325
21.4 SSL Connection Monitor .................................................................................................. 326
21.5 Configuring SSL Global Setting ....................................................................................... 327
21.5.1 Uploading a Custom Logo ...................................................................................... 329
21.6 Establishing an SSL VPN Connection ............................................................................. 329
Chapter 22
SSL User Screens .................................................................................................................331
22.1 Overview .......................................................................................................................... 331
22.1.1 Network Resource Access Methods ...................................................................... 331
22.1.2 System Requirements ............................................................................................ 331
22.1.3 Information You Need ............................................................................................ 332
22.1.4 Certificates ............................................................................................................. 332
22.2 Remote User Login .......................................................................................................... 332
22.3 SSL VPN User Screens ................................................................................................... 334
22.4 Bookmark ........................................................................................................................ 335
22.5 Logout .............................................................................................................................. 335
Chapter 23
SSL User Application Screens ............................................................................................337
23.1 Overview .......................................................................................................................... 337
23.1.1 The Application Screen .......................................................................................... 337
Chapter 24
SSL User File Sharing Screens ...........................................................................................339
24.1 Overview .......................................................................................................................... 339
24.2 Main File Sharing Screen ................................................................................................ 339
24.3 Opening a File or Folder ..................................................................................................340
24.3.1 Downloading a File ................................................................................................. 341
24.3.2 Saving a File .......................................................................................................... 341
24.4 Creating a New Folder .....................................................................................................342
24.5 Renaming a File or Folder ............................................................................................... 342
24.6 Deleting a File or Folder .................................................................................................. 343
24.7 Uploading a File ............................................................................................................... 344
Chapter 25
L2TP VPN...............................................................................................................................345
25.1 L2TP VPN Overview ........................................................................................................ 345
25.2 IPSec Configuration ......................................................................................................... 345
25.2.1 Using the Default L2TP VPN Connection .............................................................. 346
25.3 Policy Route .................................................................................................................... 346
25.4 L2TP VPN Configuration ................................................................................................. 347
25.5 L2TP VPN Session Monitor ............................................................................................. 348
Chapter 26
L2TP VPN Example ...............................................................................................................351
26.1 L2TP VPN Example ......................................................................................................... 351
26.2 Configuring the Default L2TP VPN Gateway Example .................................................... 351
26.3 Configuring the Default L2TP VPN Connection Example ................................................ 353
26.4 Configuring the L2TP VPN Settings Example ................................................................. 354
26.5 Configuring the Policy Route for L2TP Example ............................................................. 354
26.6 Configuring L2TP VPN in Windows XP and 2000 ........................................................... 355
26.6.1 Configuring L2TP in Windows XP .......................................................................... 356
26.6.2 Configuring L2TP in Windows 2000 ....................................................................... 361
Part IV: Application Patrol & Anti-X.................................................... 377
Chapter 27
Application Patrol ................................................................................................................. 379
27.1 Application Patrol Overview ............................................................................................. 379
27.2 Classification of Applications ........................................................................................... 379
27.3 Configurable Application Policies .................................................................................... 380
27.4 Bandwidth Management .................................................................................................. 380
27.4.1 Connection and Packet Directions ......................................................................... 381
27.4.2 Outbound and Inbound Bandwidth Limits .............................................................. 381
27.4.3 Bandwidth Management Priority ............................................................................ 382
27.4.4 Maximize Bandwidth Usage ................................................................................... 382
27.4.5 Bandwidth Management Behavior ......................................................................... 382
27.5 Application Patrol Bandwidth Management Examples .................................................... 384
27.5.1 Setting the Interface’s Bandwidth ........................................................................... 385
27.5.2 SIP Any to WAN Bandwidth Management Example .............................................. 385
27.5.3 SIP WAN to Any Bandwidth Management Example .............................................. 386
27.5.4 HTTP Any to WAN Bandwidth Management Example ........................................... 386
27.5.5 FTP WAN to DMZ Bandwidth Management Example ............................................ 386
27.5.6 FTP LAN to DMZ Bandwidth Management Example ............................................. 387
27.6 Other Applications ........................................................................................................... 388
27.7 Application Patrol Screens .............................................................................................. 388
27.8 Application Patrol General ............................................................................................... 388
27.9 Application Patrol Applications ........................................................................................ 390
27.9.1 Application Patrol Edit ............................................................................................ 391
27.9.2 Application Patrol Policy Edit ................................................................................ 393
27.10 Other Protocol Screen .................................................................................................. 395
27.10.1 Other Configuration Add/Edit .............................................................................. 397
27.11 Application Patrol Statistics ............................................................................................399
27.11.1 Application Patrol Statistics: General Setup ......................................................... 399
27.11.2 Application Patrol Statistics: Bandwidth Statistics ................................................ 400
27.11.3 Application Patrol Statistics: Protocol Statistics ................................................... 400
Chapter 28
Anti-Virus...............................................................................................................................403
28.1 Anti-Virus Overview ......................................................................................................... 403
28.1.1 Types of Computer Viruses ................................................................................... 403
28.1.2 Computer Virus Infection and Prevention .............................................................. 403
28.1.3 Types of Anti-Virus Scanner .................................................................................. 404
28.2 Introduction to the ZyWALL Anti-Virus Scanner .............................................................. 404
28.2.1 How the ZyWALL Anti-Virus Scanner Works ........................................................ 404
28.2.2 Notes About the ZyWALL Anti-Virus ...................................................................... 405
28.3 Anti-Virus Summary ......................................................................................................... 406
28.3.1 Anti-Virus Policy Edit .............................................................................................. 408
28.4 Anti-Virus Setting ............................................................................................................. 410
28.5 Anti-Virus White List Add/Edit .......................................................................................... 412
28.6 Anti-Virus Black List Add/Edit .......................................................................................... 413
28.7 Signature Searching ........................................................................................................ 413
Chapter 29
IDP ......................................................................................................................................... 417
29.1 Introduction to IDP ........................................................................................................... 417
29.1.1 Host Intrusions ....................................................................................................... 417
29.1.2 Network Intrusions ................................................................................................. 417
29.1.3 IDP on the ZyWALL ............................................................................................... 417
29.1.4 Signatures ..............................................................................................................418
29.2 Traffic Directions and Profiles .......................................................................................... 418
29.3 Configuring IDP General ................................................................................................. 418
29.4 Configuring IDP Bindings ................................................................................................ 420
29.5 Introducing IDP Profiles ................................................................................................. 421
29.5.1 Base Profiles .......................................................................................................... 421
29.6 Profile Summary Screen .................................................................................................. 422
29.7 Creating New Profiles ...................................................................................................... 423
29.7.1 Procedure To Create a New Profile ........................................................................ 423
29.8 Profiles: Packet Inspection ............................................................................................. 424
29.8.1 Profile > Group View Screen .................................................................................. 424
29.8.2 Policy Types ........................................................................................................... 427
29.8.3 IDP Service Groups ............................................................................................... 428
29.8.4 Profile > Query View Screen .................................................................................. 429
29.8.5 Query Example ...................................................................................................... 431
29.9 Introducing IDP Custom Signatures ............................................................................... 432
29.9.1 IP Packet Header ................................................................................................... 432
29.10 Configuring Custom Signatures ..................................................................................... 434
29.10.1 Creating or Editing a Custom Signature .............................................................. 435
29.10.2 Custom Signature Example ................................................................................. 439
29.10.3 Applying Custom Signatures ................................................................................ 442
29.10.4 Verifying Custom Signatures ................................................................................ 442
29.10.5 Snort Signatures .................................................................................................. 443
Chapter 30
ADP .......................................................................................................................................445
30.1 Introduction to ADP ......................................................................................................... 445
30.1.1 Host Intrusions ....................................................................................................... 445
30.1.2 Network Intrusions ................................................................................................. 445
30.1.3 ADP on the ZyWALL .............................................................................................. 446
30.2 Traffic Directions and Profiles .......................................................................................... 446
30.3 Configuring ADP General ................................................................................................ 446
30.4 Configuring Anomaly Profile Bindings ............................................................................. 447
30.5 Introducing ADP Profiles ............................................................................................... 448
30.5.1 Base Profiles .......................................................................................................... 448
30.6 Profile Summary Screen .................................................................................................. 449
30.7 Creating New Profiles ...................................................................................................... 450
30.7.1 Procedure To Create a New Profile ........................................................................ 450
30.8 Profiles: Traffic Anomaly ................................................................................................. 450
30.8.1 Port Scanning ......................................................................................................... 451
30.8.2 Flood Detection ...................................................................................................... 452
30.8.3 Profile > Traffic Anomaly Screen ............................................................................ 455
30.9 Profiles: Protocol Anomaly ............................................................................................. 456
30.9.1 HTTP Inspection and TCP/UDP/ICMP Decoders .................................................. 457
30.9.2 Protocol Anomaly Configuration ............................................................................. 459
Chapter 31
Content Filter Screens..........................................................................................................463
31.1 Content Filter Overview ...................................................................................................463
31.1.1 Content Filter Policies ............................................................................................ 463
31.1.2 Content Filter Profiles ............................................................................................. 463
31.1.3 Content Filter Configuration Guidelines ................................................................. 464
31.2 Content Filter General Screen ......................................................................................... 464
31.3 Content Filter Policy Screen ........................................................................................... 466
31.4 Content Filter Profile Screen .......................................................................................... 467
31.5 External Web Filtering Service ........................................................................................ 468
31.6 Content Filter Categories Screen ................................................................................... 469
31.7 Content Filter Customization Screen .............................................................................. 477
31.8 Keyword Blocking URL Checking .................................................................................... 480
31.9 Content Filter Cache Screen .......................................................................................... 480
Chapter 32
Content Filter Reports ..........................................................................................................483
32.1 Viewing Content Filter Reports ........................................................................................ 483
32.2 Web Site Submission .......................................................................................................488
Part V: Device HA & Objects ............................................................... 491
Chapter 33
Device HA ............................................................................................................................. 493
33.1 Virtual Router Redundancy Protocol (VRRP) Overview .................................................. 493
33.1.1 Additional VRRP Notes .......................................................................................... 495
33.2 VRRP Group Overview .................................................................................................... 495
33.2.1 Link Monitoring and Remote Management ............................................................ 496
33.3 Device HA Screens .........................................................................................................496
33.4 VRRP Group Summary ................................................................................................... 496
33.5 VRRP Group Add/Edit .................................................................................................... 498
33.6 Synchronization Overview .............................................................................................. 500
33.6.1 Synchronization and Subscription Services .......................................................... 500
33.6.2 Synchronize Screen ............................................................................................... 501
Chapter 34
User/Group ........................................................................................................................... 503
34.1 User Account Overview ................................................................................................... 503
34.1.1 User Types ............................................................................................................. 503
34.1.2 Ext-User Accounts ................................................................................................. 504
34.1.3 User Groups ........................................................................................................... 505
34.1.4 Access Users and the ZyWALL .............................................................................. 505
34.1.5 Force User Authentication Policy ........................................................................... 505
34.2 User Summary ................................................................................................................. 506
34.2.1 User Add/Edit ........................................................................................................ 506
34.3 Group Summary ............................................................................................................. 508
34.3.1 Group Add/Edit ...................................................................................................... 509
34.4 Setting Screen ................................................................................................................ 510
34.4.1 Force User Authentication Policy Add/Edit ........................................................... 512
34.5 Web Configurator for Non-Admin Users .......................................................................... 513
Chapter 35
Addresses............................................................................................................................. 515
35.1 Addresses Overview ........................................................................................................515
35.2 Address Screens ............................................................................................................. 515
35.2.1 Address Summary .................................................................................................. 515
35.2.2 Address Add/Edit .................................................................................................. 516
35.3 Address Group Screens ................................................................................................. 517
35.3.1 Address Group Summary ....................................................................................... 517
35.3.2 Address Group Add/Edit ....................................................................................... 518
Chapter 36
Services ................................................................................................................................. 521
36.1 Services Overview ........................................................................................................... 521
36.1.1 IP Protocols ............................................................................................................521
36.1.2 Service Objects and Service Groups ..................................................................... 521
36.2 Service Summary Screen ................................................................................................ 522
36.2.1 Service Add/Edit .................................................................................................... 523
36.3 Service Group Summary Screen .................................................................................... 524
36.3.1 Service Group Add/Edit ......................................................................................... 524
Chapter 37
Schedules.............................................................................................................................. 527
37.1 Schedule Overview .......................................................................................................... 527
37.2 Schedule Screens ........................................................................................................... 527
37.2.1 Schedule Summary ................................................................................................ 527
37.2.2 One-Time Schedule Add/Edit ................................................................................ 528
37.2.3 Recurring Schedule Add/Edit ................................................................................ 529
Chapter 38
AAA Server ...........................................................................................................................531
38.1 AAA Server Overview ...................................................................................................... 531
38.1.1 ASAS ...................................................................................................................... 531
38.1.2 User Authentication Method ................................................................................... 532
38.2 Directory Service (AD/LDAP) Overview .......................................................................... 532
38.2.1 Directory Structure ................................................................................................. 532
38.2.2 Distinguished Name (DN) ...................................................................................... 533
38.2.3 Configuring Active Directory or LDAP Default Server Settings .............................. 533
38.3 Active Directory or LDAP Group Summary .................................................................... 534
38.3.1 Creating an Active Directory or LDAP Group ......................................................... 535
38.4 RADIUS Server .............................................................................................................. 536
38.5 Configuring a Default RADIUS Server ............................................................................. 537
38.6 Configuring a Group of RADIUS Servers ....................................................................... 538
38.6.1 Adding a RADIUS Server Member ......................................................................... 538
Chapter 39
Authentication Objects........................................................................................................541
39.1 Authentication Objects Overview ..................................................................................... 541
39.2 Viewing Authentication Objects ....................................................................................... 541
39.3 Creating an Authentication Object .................................................................................. 542
39.3.1 Example: Selecting a VPN Authentication Method ............................................... 543
Chapter 40
Certificates ............................................................................................................................ 545
40.1 Certificates Overview ....................................................................................................... 545
40.1.1 Advantages of Certificates ..................................................................................... 546
40.2 Self-signed Certificates .................................................................................................... 546
40.3 Factory Default Certificate ...............................................................................................546
40.3.1 Certificate File Formats .......................................................................................... 546
40.4 Certificate Configuration Screens Summary ................................................................... 547
40.5 Verifying a Certificate ....................................................................................................... 547
40.5.1 Checking the Fingerprint of a Certificate on Your Computer .................................. 547
40.6 My Certificates Screen ....................................................................................................548
40.6.1 My Certificates Add Screen .................................................................................. 549
40.6.2 My Certificate Edit Screen ..................................................................................... 552
40.6.3 My Certificate Import Screen ................................................................................. 555
40.7 Trusted Certificates Screen ............................................................................................ 556
40.7.1 OCSP ..................................................................................................................... 556
40.8 Trusted Certificates Edit Screen ..................................................................................... 557
40.9 Trusted Certificates Import Screen ................................................................................. 560
Chapter 41
ISP Accounts.........................................................................................................................563
41.1 ISP Accounts Overview ................................................................................................... 563
41.2 ISP Account Summary .................................................................................................... 563
41.3 ISP Account Edit ............................................................................................................. 564
Chapter 42
SSL Application .................................................................................................................... 567
42.1 SSL Application Overview ............................................................................................... 567
42.1.1 Application Types ................................................................................................... 567
42.1.2 Remote User Screen Links .................................................................................... 567
42.2 SSL Application Configuration ......................................................................................... 567
42.3 Creating/Editing an SSL Application ................................................................................ 568
42.3.1 Web-based Application .......................................................................................... 568
42.3.2 Example: Specifying a Web Site for Access .......................................................... 569
42.3.3 Configuring File Sharing ......................................................................................... 570
Part VI: System..................................................................................... 573
Chapter 43
System ................................................................................................................................. 575
43.1 System Overview ............................................................................................................. 575
43.2 Host Name ....................................................................................................................... 575
43.3 Time and Date ................................................................................................................ 576
43.3.1 Pre-defined NTP Time Servers List ........................................................................ 578
43.3.2 Time Server Synchronization ................................................................................. 578
43.4 Console Port Speed ........................................................................................................ 579
43.5 DNS Overview ................................................................................................................ 580
43.5.1 DNS Server Address Assignment .......................................................................... 580
43.5.2 DNS Servers .......................................................................................................... 580
43.5.3 Configuring DNS .................................................................................................... 580
43.5.4 Address Record .................................................................................................... 583
43.5.5 PTR Record ........................................................................................................... 583
43.5.6 Adding an Address/PTR Record ............................................................................ 583
43.5.7 Domain Zone Forwarder ....................................................................................... 584
43.5.8 Adding a Domain Zone Forwarder ......................................................................... 584
43.5.9 MX Record ............................................................................................................ 585
43.5.10 Adding a MX Record ............................................................................................ 585
43.5.11 DNS Service Control .......................................................................................... 585
43.6 Language Screen ........................................................................................................... 586
Chapter 44
Service Control .................................................................................................................... 587
44.1 Service Control Overview ................................................................................................ 587
44.1.1 Service Access Limitations .................................................................................... 588
44.1.2 System Timeout ..................................................................................................... 588
44.2 HTTPS ............................................................................................................................. 588
44.3 Configuring WWW ...........................................................................................................589
44.4 Service Control Rules ..................................................................................................... 592
44.5 HTTPS Example .............................................................................................................. 592
44.5.1 Internet Explorer Warning Messages ..................................................................... 593
44.5.2 Netscape Navigator Warning Messages ................................................................ 593
44.5.3 Avoiding Browser Warning Messages .................................................................... 594
44.5.4 Login Screen .......................................................................................................... 595
44.5.5 Enrolling and Importing SSL Client Certificates ..................................................... 595
44.5.6 Using a Certificate When Accessing the ZyWALL Example .................................. 599
44.6 SSH .............................................................................................................................. 600
44.6.1 How SSH Works .................................................................................................... 600
44.6.2 SSH Implementation on the ZyWALL ..................................................................... 601
44.6.3 Requirements for Using SSH ................................................................................. 601
44.6.4 Configuring SSH .................................................................................................... 601
44.7 Secure Telnet Using SSH Examples ............................................................................... 602
44.7.1 Example 1: Microsoft Windows .............................................................................. 602
44.7.2 Example 2: Linux .................................................................................................... 603
44.8 Telnet .............................................................................................................................. 604
44.8.1 Configuring Telnet .................................................................................................. 604
44.9 Configuring FTP ............................................................................................................. 605
44.10 SNMP ........................................................................................................................... 606
44.10.1 Supported MIBs ................................................................................................... 607
44.10.2 SNMP Traps ......................................................................................................... 607
44.10.3 Configuring SNMP ............................................................................................... 608
44.11 Dial-in Management .......................................................................................................609
44.11.1 AT Command Strings ................................................................... 609
44.11.2 DTR Signal ........................................................................................................... 609
44.11.3 Response Strings ................................................................................................. 609
44.12 Dial-in Mgmt Configuration ............................................................................................ 609
44.13 Vantage CNM ............................................................................................................... 610
44.14 Configuring Vantage CNM ..............................................................................................611
Part VII: Maintenance & Troubleshooting.......................................... 613
Chapter 45
File Manager.......................................................................................................................... 615
45.1 Configuration Files and Shell Scripts Overview .............................................................. 615
45.1.1 Comments in Configuration Files or Shell Scripts .................................................. 616
45.1.2 Errors in Configuration Files or Shell Scripts ......................................................... 617
45.1.3 ZyWALL Configuration File Details ....................................................................... 617
45.1.4 Configuration File Flow at Restart .......................................................................... 617
45.2 Configuration File Screen ................................................................................................ 618
45.3 Firmware Package Screen ............................................................................................. 620
45.4 Shell Script Screen ......................................................................................................... 622
Chapter 46
Logs ......................................................................................................................................625
46.1 View Log Screen .............................................................................................................. 625
46.2 Log Settings Screens .....................................................................................................627
46.3 Log Settings Summary .................................................................................................... 628
46.3.1 Log Settings Edit E-mail ........................................................................................ 629
46.3.2 Log Settings Edit syslog ........................................................................................ 632
46.3.3 Active Log Summary ............................................................................................. 634
Chapter 47
Reports ................................................................................................................................. 637
47.1 Traffic Screen .................................................................................................................. 637
47.2 Session Screen .............................................................................................................. 640
47.3 Anti-Virus Report Screen ................................................................................................. 642
47.4 IDP Report Screen .......................................................................................................... 643
Chapter 48
Diagnostics...........................................................................................................................647
48.1 Diagnostics ...................................................................................................................... 647
Chapter 49
Reboot.................................................................................................................................... 649
Chapter 50
Troubleshooting....................................................................................................................651
50.1 Getting More Troubleshooting Help ................................................................................. 652
50.2 Resetting the ZyWALL ..................................................................................................... 652
Part VIII: Appendices and Index ......................................................... 655
Appendix A Product Specifications.......................................................................................657
Appendix B Log Descriptions ...............................................................................................663
Appendix C Common Services ............................................................................................703
Appendix D Displaying Anti-Virus Alert Messages in Windows............................................707
Appendix E Importing Certificates ........................................................................................713
Appendix F Open Software Announcements .......................................................................719
Appendix G Legal Information..............................................................................................755
Appendix H Customer Support............................................................................................. 759
Index....................................................................................................................................... 765

List of Figures

Figure 1 ZyWALL USG 1000 Front Panel .............................................................................................. 53
Figure 2 Managing the ZyWALL: Web Configurator ............................................................................... 54
Figure 3 Applications: VPN Connectivity ................................................................................................ 60
Figure 4 Network Access Mode: Reverse Proxy ...................................................................................61
Figure 5 Network Access Mode: Full Tunnel Mode ............................................................................... 61
Figure 6 Applications: User-Aware Access Control ................................................................................ 62
Figure 7 Applications: Multiple WAN Interfaces ...................................................................................... 62
Figure 8 Applications: Device HA ........................................................................................................... 63
Figure 9 Login Screen .......................................................................................................................... 66
Figure 10 Update Admin Info Screen ..................................................................................................... 66
Figure 11 Main Screen .................................................................................................................... 67
Figure 12 Message Bar .......................................................................................................................... 72
Figure 13 Warning Messages ................................................................................................................. 72
Figure 14 CLI Messages ........................................................................................................................ 73
Figure 15 Wizard Setup Welcome .................................................................................................... 76
Figure 16 Internet Access: Step 1 ......................................................................................................... 77
Figure 17 Ethernet Encapsulation: Auto: Finish ..................................................................................... 78
Figure 18 Ethernet Encapsulation: Static ............................................................................................... 79
Figure 19 Ethernet Encapsulation: Static: Finish ................................................................................. 80
Figure 20 PPPoE Encapsulation: Auto ................................................................................................... 81
Figure 21 PPPoE Encapsulation: Auto: Finish ....................................................................................... 82
Figure 22 PPPoE Encapsulation: Static ................................................................................................. 83
Figure 23 PPPoE Encapsulation: Static: Finish ...................................................................................... 85
Figure 24 PPTP Encapsulation: Auto ..................................................................................................... 86
Figure 25 PPTP Encapsulation: Auto: Finish .......................................................................................... 87
Figure 26 PPTP Encapsulation: Static .................................................................................................... 88
Figure 27 PPTP Encapsulation: Static: Finish ....................................................................................... 90
Figure 28 Registration ............................................................................................................................ 92
Figure 29 Registration: Registered Device ............................................................................................. 93
Figure 30 Internet Access: Step 1: First WAN Interface .........................................................................94
Figure 31 Internet Access: Step 3: Second WAN Interface .................................................................... 94
Figure 32 Internet Access: Finish .......................................................................................................... 95
Figure 33 VPN Wizard: Wizard Type ...................................................................................................... 96
Figure 34 VPN Express Wizard: Step 2 ................................................................................................. 97
Figure 35 VPN Express Wizard: Step 3 .................................................................................................. 98
Figure 36 VPN Express Wizard: Step 4 ................................................................................................. 99
Figure 37 VPN Express Wizard: Step 6 ............................................................................................... 100
Figure 38 VPN Advanced Wizard: Step 2 ............................................................................................ 102
Figure 39 VPN Advanced Wizard: Step 3 ............................................................................................. 104
Figure 40 VPN Advanced Wizard: Step 4 ............................................................................................ 106
Figure 41 VPN Advanced Wizard: Step 5 ............................................................................................. 108
Figure 42 VPN Wizard: Step 6: Advanced ............................................................................................ 109
Figure 43 Interfaces and Zones: Example .............................................................................................114
Figure 44 Network > Interface > Port Grouping, Initial .....................................................................126
Figure 45 Network > Interface > Port Grouping, Drag-and-Drop ...................................................... 126
Figure 46 Status: Interface Status Summary After Port Grouping ........................................................ 127
Figure 47 Network > Interface > Ethernet, Initial ............................................................................... 127
Figure 48 Network > Interface > Ethernet > ge4 .................................................................................. 128
Figure 49 Network > Interface > Ethernet > ge5 > IP Address Assignment ......................................... 128
Figure 50 Network > Interface > Ethernet > ge5 > DHCP Setting ........................................................ 128
Figure 51 Status > Interface Status Summary, After Ethernet Interface Edits ...................................... 129
Figure 52 Network > Interface > Trunk, Initial ....................................................................................... 129
Figure 53 Network > Interface > Trunk > Edit, Initial ............................................................................ 129
Figure 54 Network > Interface > Trunk > Edit > Member ................................................................. 130
Figure 55 Network > Zone, Initial ....................................................................................................... 130
Figure 56 Network > Zone > DMZ, Remove ge4 ............................................................................... 131
Figure 57 Network > Zone > WAN, Add ge4 ...................................................................................131
Figure 58 Status: Interface Status Summary After Zone Edits ............................................................. 131
Figure 59 VPN Example ....................................................................................................................... 132
Figure 60 VPN > IPSec VPN > VPN Gateway > Add ........................................................................... 133
Figure 61 Object > Address > Address > Add ...................................................................................... 133
Figure 62 VPN > IPSec VPN > VPN Connection > add ....................................................................... 134
Figure 63 Network > Routing > Policy Route ....................................................................................... 134
Figure 64 Network > Routing > Policy Route > Add ............................................................................. 135
Figure 65 Network > Zone > Add ......................................................................................................... 135
Figure 66 Device HA Example ............................................................................................................. 136
Figure 67 Device HA > VRRP Group > Add: ge1 ................................................................................. 137
Figure 68 Status: Interface Status Summary: Device HA Master Configured ...................................... 137
Figure 69 Network > Device HA > VRRP Group > Add: ge4 ................................................................ 138
Figure 70 Device HA > Synchronize ..................................................................................................... 138
Figure 71 Device HA > VRRP Group > Add .........................................................................................139
Figure 72 Status: Interface Status Summary ........................................................................................ 139
Figure 73 Device HA > Synchronize ..................................................................................................... 140
Figure 74 User/Group > User > Add ..................................................................................................... 141
Figure 75 User/Group > Group > Add .................................................................................................. 141
Figure 76 Object > AAA Server > RADIUS > Default ........................................................................... 142
Figure 77 Object > Auth. method > Add ............................................................................................... 142
Figure 78 System > WWW > Authentication ........................................................................................142
Figure 79 Object > User/Group > Setting > Add (Force User Authentication Policy) ........................... 143
Figure 80 AppPatrol > http ................................................................................................................... 143
Figure 81 AppPatrol > http > Edit Default ............................................................................................. 144
Figure 82 AppPatrol > http > Edit Default ............................................................................................. 144
Figure 83 Object > Schedule > Recurring > add ..................................................................................145
Figure 84 Firewall > LAN > DMZ > Edit ................................................................................................ 145
Figure 85 Firewall > LAN > DMZ > Add ................................................................................................ 146
Figure 86 Trunk Example ..................................................................................................................... 146
Figure 87 Network > Interface > Ethernet > Edit > ge2 ........................................................................ 147
Figure 88 Network > Interface > Trunk > WAN_TRUNK > Edit ............................................................ 147
Figure 89 NAT 1:1 Example Network Topology .................................................................................... 148
Figure 90 Create Address Objects ....................................................................................................... 148
Figure 91 Address Objects ................................................................................................................... 148
Figure 92 NAT 1:1 Example Virtual Server ........................................................................................... 149
Figure 93 Create a Virtual Server ......................................................................................................... 149
Figure 94 NAT 1:1 Example Policy Route ............................................................................................ 150
Figure 95 Create a Policy Route .......................................................................................................... 150
Figure 96 Create a Firewall Rule .......................................................................................................... 151
Figure 97 LAN Computer Queries the DNS Server .............................................................................. 151
Figure 98 NAT Loopback Virtual Server ............................................................................................... 152
Figure 99 Create a Virtual Server ......................................................................................................... 152
Figure 100 Triangle Route ................................................................................................................... 153
Figure 101 NAT Loopback Policy Route ............................................................................................. 153
Figure 102 Create a Policy Route ........................................................................................................ 154
Figure 103 NAT Loopback Successful ............................................................................................... 154
Figure 104 System > WWW ................................................................................................................. 155
Figure 105 System > WWW > Service Control Rule Edit ................................................................... 156
Figure 106 System > WWW ................................................................................................................. 156
Figure 107 Status ............................................................................................................................... 157
Figure 108 Status > VPN Status ........................................................................................................... 161
Figure 109 Status > DHCP Table .......................................................................................................... 162
Figure 110 Status > Port Statistics ..................................................................................................... 163
Figure 111 Status > Current Users ....................................................................................................... 164
Figure 112 Licensing > Registration ..................................................................................................... 166
Figure 113 Licensing > Registration: Registered Device ...................................................................... 168
Figure 114 Licensing > Registration > Service ..................................................................................... 168
Figure 115 Licensing > Update >Anti-Virus ......................................................................................... 172
Figure 116 Licensing > Update > IDP/AppPatrol .................................................................................173
Figure 117 Downloading IDP Signatures .............................................................................................. 174
Figure 118 Successful IDP Signature Download .................................................................................. 174
Figure 119 Licensing > Update > System Protect ............................................................................... 175
Figure 120 Downloading System Protect Signatures ........................................................................... 176
Figure 121 Successful System Protect Signature Download ............................................................... 176
Figure 122 Example: Entry in the Routing Table Derived from Interfaces ............................................ 181
Figure 123 Network > Interface > Interface Summary ..................................................................... 186
Figure 124 Network > Interface > Ethernet ...................................................................................... 188
Figure 125 Network > Interface > Ethernet > Edit ................................................................................ 190
Figure 126 Network > Interface > Ethernet > Edit > Edit static DHCP table ......................................... 194
Figure 127 Port Grouping Example: Network ....................................................................................... 195
Figure 128 Port Grouping Example: Screen ................................................................................... 195
Figure 129 Network > Interface > Port Grouping ............................................................................... 196
Figure 130 Example: Before VLAN ...................................................................................................... 197
Figure 131 Example: After VLAN ......................................................................................................... 197
Figure 132 Network > Interface > VLAN ............................................................................................... 198
Figure 133 Network > Interface > VLAN > Edit .................................................................................... 200
Figure 134 Network > Interface > Edit > Edit static DHCP table .......................................................... 203
Figure 135 Network > Interface > Bridge .............................................................................................. 205
Figure 136 Network > Interface > Bridge > Edit ............................................................................... 207
Figure 137 Network > Interface > Edit > Edit static DHCP table .......................................................... 210
Figure 138 Example: PPPoE/PPTP Interfaces ......................................................................................211
Figure 139 Network > Interface > PPPoE/PPTP .................................................................................. 212
Figure 140 Network > Interface > PPPoE/PPTP > Edit ........................................................................ 213
Figure 141 Network > Interface > Auxiliary .......................................................................................... 216
Figure 142 Network > Interface > Add .................................................................................................. 218
Figure 143 Least Load First Example 1 ................................................................................................ 220
Figure 144 Weighted Round Robin Algorithm Example ....................................................................... 221
Figure 145 Spillover Algorithm Example ............................................................................................... 222
Figure 146 Network > Interface > Trunk ............................................................................................... 222
Figure 147 Network > Interface > Trunk > Edit ..................................................................................... 223
Figure 148 Trigger Port Forwarding Example ....................................................................................... 227
Figure 149 Network > Routing > Policy Route ..................................................................................... 228
Figure 150 Network > Routing > Policy Route > Edit ........................................................................... 230
Figure 151 Example of Static Routing Topology ................................................................................... 232
Figure 152 Network > Routing > Static Route ...................................................................................... 233
Figure 153 Network > Routing > Static Route > Edit ............................................................................ 233
Figure 154 Network > Routing > RIP .................................................................................................... 237
Figure 155 OSPF: Types of Areas ........................................................................................................ 238
Figure 156 OSPF: Types of Routers .................................................................................................... 240
Figure 157 OSPF: Virtual Link .............................................................................................................. 240
Figure 158 Network > Routing > OSPF ................................................................................................ 241
Figure 159 Network > Routing > OSPF > Edit ...................................................................................... 243
Figure 160 Example: Zones ................................................................................................................. 245
Figure 161 Network > Zone .............................................................................................................. 246
Figure 162 Network > Zone > Edit ..................................................................................................... 247
Figure 163 Network > DDNS .............................................................................................................. 251
Figure 164 Network > DDNS > Edit ...................................................................................................... 252
Figure 165 Multiple Servers Behind NAT Example .............................................................................. 256
Figure 166 Network > Virtual Server .................................................................................................... 257
Figure 167 Network > Virtual Server > Edit .......................................................................................... 258
Figure 168 HTTP Redirect Example ..................................................................................................... 262
Figure 169 Network > HTTP Redirect .................................................................................................. 263
Figure 170 Network > HTTP Redirect > Edit ........................................................................................ 263
Figure 171 H.323 ALG Example .......................................................................................................... 267
Figure 172 SIP ALG Example ............................................................................................................. 267
Figure 173 VoIP Calls from the WAN with Multiple Outgoing Calls ...................................................... 268
Figure 174 VoIP with Multiple WAN IP Addresses ............................................................................... 269
Figure 175 Network > ALG .................................................................................................................. 269
Figure 176 WAN to LAN H.323 Peer-to-peer Calls Example ............................................................... 271
Figure 177 Network > Virtual Server > Add .......................................................................................... 271
Figure 178 Firewall > WAN to LAN ....................................................................................................... 272
Figure 179 Firewall > WAN > LAN > Add ............................................................................................ 272
Figure 180 Object > Address > Add ..................................................................................................... 272
Figure 181 Firewall > WAN > LAN > Add ............................................................................................ 273
Figure 182 Default Firewall Action ....................................................................................................... 277
Figure 183 Blocking All LAN to WAN IRC Traffic Example .................................................................. 280
Figure 184 Limited LAN to WAN IRC Traffic Example .......................................................................... 281
Figure 185 Triangle Route: Using Virtual Interfaces ............................................................................. 283
Figure 186 Firewall ............................................................................................................................. 284
Figure 187 Firewall > Edit ..................................................................................................................... 286
Figure 188 Firewall Example: Select the Traveling Direction of Traffic ................................................ 288
Figure 189 Firewall Example: Edit a Firewall Rule 1 ............................................................................288
Figure 190 Firewall Example: Create an Address Object ..................................................................... 289
Figure 191 Firewall Example: Create a Service Object ........................................................................ 289
Figure 192 Firewall Example: Edit a Firewall Rule ............................................................................... 289
Figure 193 Firewall Example: MyService Example Rule in Summary .................................................. 290
Figure 194 VPN: Example .................................................................................................................... 291
Figure 195 VPN: IKE SA and IPSec SA .............................................................................................. 292
Figure 196 VPN: Transport and Tunnel Mode Encapsulation .............................................................. 293
Figure 197 VPN Example: NAT for Inbound and Outbound Traffic ...................................................... 295
Figure 198 VPN > IPSec VPN > VPN Connection ............................................................................... 297
Figure 199 VPN > IPSec VPN > VPN Connection > Edit (IKE) ........................................................... 299
Figure 200 VPN > IPSec VPN > VPN Connection > Manual Key > Edit .............................................. 303
Figure 201 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal ....................................... 307
Figure 202 IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange .................................... 308
Figure 203 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication ........................................... 309
Figure 204 VPN/NAT Example ..............................................................................................................311
Figure 205 VPN > IPSec VPN > VPN Gateway ................................................................................... 312
Figure 206 VPN > IPSec VPN > VPN Gateway > Edit ......................................................................... 314
Figure 207 VPN Topologies .................................................................................................................. 318
Figure 208 VPN > IPSec VPN > Concentrator ..................................................................................... 319
Figure 209 VPN > IPSec VPN > Concentrator > Edit ........................................................................... 319
Figure 210 Network > IPSec VPN > Concentrator > Edit > Member .................................................... 320
Figure 211 VPN > IPSec VPN > SA Monitor ........................................................................................321
Figure 212 VPN > SSL VPN > Access Privilege ................................................................................. 324
Figure 213 VPN > SSL VPN > Access Privilege > Add/Edit ................................................................ 325
Figure 214 VPN > SSL VPN > Connection Monitor ............................................................................ 327
Figure 215 VPN > SSL VPN > Global Setting ..................................................................................... 328
Figure 216 Example Logo Graphic Display ......................................................................................... 329
Figure 217 SSL VPN Client Portal Screen Example ........................................................................... 330
Figure 218 Network Example .............................................................................................................. 331
Figure 219 Enter the Address in a Web Browser ............................................................................... 332
Figure 220 Login Security Screen ..................................................................................................... 333
Figure 221 Login Screen .................................................................................................................... 333
Figure 222 SecuExtender Progress .................................................................................................. 333
Figure 223 Remote User Screen ...................................................................................................... 334
Figure 224 Add Favorite ...................................................................................................................... 335
Figure 225 Logout: Prompt .................................................................................................................. 335
Figure 226 Logout: Connection Termination Progress ........................................................................ 335
Figure 227 Application ......................................................................................................................... 337
Figure 228 File Sharing ....................................................................................................................... 340
Figure 229 File Sharing: Enter Access User Name and Password .................................................... 340
Figure 230 File Sharing: Open a Word File ........................................................................................ 341
Figure 231 File Sharing: Save a Word File ......................................................................................... 342
Figure 232 File Sharing: Save a Word File ......................................................................................... 342
Figure 233 File Sharing: Rename ........................................................................................................ 343
Figure 234 File Sharing: Rename ........................................................................................................ 343
Figure 235 File Sharing: Delete Prompt .............................................................................................. 343
Figure 236 File Sharing: File Upload ................................................................................................... 344
Figure 237 L2TP VPN Overview .......................................................................................................... 345
Figure 238 Policy Route for L2TP VPN ............................................................................................... 346
Figure 239 VPN > L2TP VPN ............................................................................................................... 347
Figure 240 VPN > L2TP VPN > Session Monitor ................................................................................. 348
Figure 241 L2TP VPN Example ........................................................................................................... 351
Figure 242 VPN > IPSec VPN > VPN Gateway > Edit ........................................................................ 352
Figure 243 VPN > IPSec VPN > VPN Gateway (Enable) .................................................................... 352
Figure 244 VPN > IPSec VPN > VPN Connection > Edit ................................................................... 353
Figure 245 VPN > IPSec VPN > VPN Connection (Enable) ................................................................ 354
Figure 246 VPN > L2TP VPN Example ................................................................................................ 354
Figure 247 Routing > Add: L2TP VPN Example ................................................................................... 355
Figure 248 New Connection Wizard: Network Connection Type .......................................................... 356
Figure 249 New Connection Wizard: Network Connection .................................................................. 356
Figure 250 New Connection Wizard: Connection Name ...................................................................... 357
Figure 251 New Connection Wizard: Public Network ........................................................................... 357
Figure 252 New Connection Wizard: VPN Server Selection ................................................................ 358
Figure 253 Connect L2TP to ZyWALL .................................................................................................. 358
Figure 254 Connect L2TP to ZyWALL: Security ................................................................................... 359
Figure 255 Connect ZyWALL L2TP: Security > Advanced ................................................................... 359
Figure 256 L2TP to ZyWALL Properties > Security .............................................................................. 360
Figure 257 L2TP to ZyWALL Properties > Security > IPSec Settings ................................................. 360
Figure 258 L2TP to ZyWALL Properties: Networking ........................................................................... 360
Figure 259 Connect L2TP to ZyWALL .................................................................................................. 361
Figure 260 ZyWALL-L2TP System Tray Icon ....................................................................................... 361
Figure 261 ZyWALL-L2TP Status: Details ............................................................................................ 361
Figure 262 Starting the Registry Editor ................................................................................................. 362
Figure 263 Registry Key ....................................................................................................................... 362
Figure 264 New DWORD Value ........................................................................................................... 362
Figure 265 ProhibitIpSec DWORD Value ............................................................................................. 363
Figure 266 Run mmc ............................................................................................................................ 363
Figure 267 Console > Add/Remove Snap-in ........................................................................................ 363
Figure 268 Add > IP Security Policy Management > Finish ................................................................. 364
Figure 269 Create IP Security Policy .................................................................................................... 364
Figure 270 IP Security Policy: Name .................................................................................................... 365
Figure 271 IP Security Policy: Request for Secure Communication .................................................... 365
Figure 272 IP Security Policy: Completing the IP Security Policy Wizard ............................................ 365
Figure 273 IP Security Policy Properties > Add .................................................................................... 366
Figure 274 IP Security Policy Properties: Tunnel Endpoint .................................................................. 366
Figure 275 IP Security Policy Properties: Network Type ...................................................................... 367
Figure 276 IP Security Policy Properties: Authentication Method ........................................................ 367
Figure 277 IP Security Policy Properties: IP Filter List ......................................................................... 368
Figure 278 IP Security Policy Properties: IP Filter List > Add .............................................................. 368
Figure 279 Filter Properties: Addressing .............................................................................................. 369
Figure 280 Filter Properties: Protocol ................................................................................................... 369
Figure 281 IP Security Policy Properties: IP Filter List ......................................................................... 370
Figure 282 IP Security Policy Properties: IP Filter List ......................................................................... 370
Figure 283 Console: L2TP to ZyWALL Assign ..................................................................................... 370
Figure 284 Start New Connection Wizard ............................................................................................ 371
Figure 285 New Connection Wizard: Network Connection Type .......................................................... 371
Figure 286 New Connection Wizard: Destination Address ................................................................... 372
Figure 287 New Connection Wizard: Connection Availability ............................................................... 372
Figure 288 New Connection Wizard: Naming the Connection ............................................................. 372
Figure 289 Connect L2TP to ZyWALL .................................................................................................. 373
Figure 290 Connect L2TP to ZyWALL: Security ................................................................................... 373
Figure 291 Connect L2TP to ZyWALL: Security > Advanced ............................................................... 374
Figure 292 Connect L2TP to ZyWALL: Networking .............................................................................. 374
Figure 293 Connect L2TP to ZyWALL .................................................................................................. 375
Figure 294 ZyWALL-L2TP System Tray Icon ....................................................................................... 375
Figure 295 L2TP to ZyWALL Status: Details ....................................................................................... 375
Figure 296 LAN to WAN Connection and Packet Directions ................................................................ 381
Figure 297 LAN to WAN, Outbound 200 kbps, Inbound 500 kbps ...................................................... 382
Figure 298 Bandwidth Management Behavior ..................................................................................... 383
Figure 299 Application Patrol Bandwidth Management Example ......................................................... 385
Figure 300 SIP Any to WAN Bandwidth Management Example .......................................................... 386
Figure 301 HTTP Any to WAN Bandwidth Management Example ....................................................... 386
Figure 302 FTP WAN to DMZ Bandwidth Management Example ........................................................ 387
Figure 303 FTP LAN to DMZ Bandwidth Management Example ......................................................... 387
Figure 304 AppPatrol > General ........................................................................................................... 389
Figure 305 AppPatrol > Common ......................................................................................................... 390
Figure 306 Application Edit ................................................................................................................... 391
Figure 307 Application Policy Edit ........................................................................................................ 393
Figure 308 AppPatrol > Other ............................................................................................................... 395
Figure 309 AppPatrol > Other > Edit .................................................................................................... 397
Figure 310 AppPatrol > Statistics: General Setup ................................................................................ 399
Figure 311 AppPatrol > Statistics: Bandwidth Statistics ........................................................................ 400
Figure 312 AppPatrol > Statistics: Protocol Statistics ........................................................................... 401
Figure 313 ZyWALL Anti-virus Example ............................................................................................ 405
Figure 314 Anti-X > Anti-Virus > General ............................................................................................ 406
Figure 315 Anti-X > Anti-Virus > General > Edit .................................................................................. 408
Figure 316 Anti-X > Anti-Virus > Setting .............................................................................................. 410
Figure 317 Anti-X > Anti-Virus > Setting > White List Add .................................................................. 412
Figure 318 Anti-X > Anti-Virus > Setting > Black List Add ................................................................... 413
Figure 319 Anti-X > Anti-Virus > Signature: Search by Severity .......................................................... 414
Figure 320 Anti-X > IDP > General ....................................................................................................... 419
Figure 321 Anti-X > IDP > General > Add ............................................................................................ 421
Figure 322 Base Profiles ...................................................................................................................... 422
Figure 323 Anti-X > IDP > Profile ......................................................................................................... 423
Figure 324 Anti-X > IDP > Profile > Edit: Group View ......................................................................... 425
Figure 325 Anti-X > IDP > Profile > Edit > IDP Service Group ............................................................. 429
Figure 326 Anti-X > IDP > Profile: Query View ..................................................................................... 430
Figure 327 Query Example Search Criteria .......................................................................................... 431
Figure 328 Query Example Search Results ......................................................................................... 432
Figure 329 IPv4 Packet Headers ......................................................................................................... 433
Figure 330 Anti-X > IDP > Custom Signatures ..................................................................................... 434
Figure 331 Anti-X > IDP > Custom Signatures > Add/Edit ................................................................... 436
Figure 332 Custom Signature Example Pattern 1 ............................................................................... 440
Figure 333 Custom Signature Example Pattern 2 ............................................................................... 440
Figure 334 Custom Signature Example Patterns 3 and 4 .................................................................... 440
Figure 335 Example Custom Signature ................................................................................................ 441
Figure 336 Example: Custom Signature in IDP Profile ......................................................................... 442
Figure 337 Custom Signature Log ........................................................................................................ 443
Figure 338 Anti-X > ADP > General ..................................................................................................... 446
Figure 339 Anti-X > ADP > General > Add ........................................................................................... 448
Figure 340 Base Profiles ...................................................................................................................... 449
Figure 341 Anti-X > ADP > Profile ........................................................................................................ 449
Figure 342 Smurf Attack ...................................................................................................................... 452
Figure 343 TCP Three-Way Handshake .............................................................................................. 453
Figure 344 SYN Flood .......................................................................................................................... 453
Figure 345 Profiles: Traffic Anomaly ..................................................................................................... 455
Figure 346 Profiles: Protocol Anomaly ................................................................................................. 460
Figure 347 Anti-X > Content Filter > General ...................................................................................... 464
Figure 348 Anti-X > Content Filter > General > Add ............................................................................ 466
Figure 349 Anti-X > Content Filter > Filter Profile ................................................................................ 467
Figure 350 Content Filter Lookup Procedure ....................................................................................... 468
Figure 351 Anti-X > Content Filter > Filter Profile > Add ..................................................................... 470
Figure 352 Anti-X > Content Filter > Filter Profile > Customization ..................................................... 478
Figure 353 Anti-X > Content Filter > Cache ........................................................................................ 481
Figure 354 myZyXEL.com: Login ......................................................................................................... 483
Figure 355 myZyXEL.com: Welcome ................................................................................................... 484
Figure 356 myZyXEL.com: Service Management ................................................................................ 484
Figure 357 Blue Coat: Login ................................................................................................................. 485
Figure 358 Blue Coat Content Filter Reports Main Screen .................................................................. 485
Figure 359 Blue Coat: Report Home .................................................................................................... 486
Figure 360 Global Report Screen Example .......................................................................................... 487
Figure 361 Requested URLs Example ................................................................................................. 488
Figure 362 Web Page Review Process Screen ................................................................................... 489
Figure 363 Example: VRRP, Normal Operation ................................................................................... 493
Figure 364 Example: VRRP, Master Becomes Unavailable ................................................................. 494
Figure 365 Example: VRRP, No Preempt ............................................................................................. 494
Figure 366 Device HA > VRRP Group ................................................................................................. 497
Figure 367 Device HA > VRRP Group > Edit ....................................................................................... 498
Figure 368 Network > Device HA > Synchronize ................................................................................. 501
Figure 369 LDAP Example: Keywords for User Attributes ................................................................... 504
Figure 370 RADIUS Example: Keywords for User Attributes ............................................................... 505
Figure 371 User/Group ......................................................................................................................... 506
Figure 372 User/Group > User > Edit ................................................................................................... 507
Figure 373 User/Group > Group ........................................................................................................... 508
Figure 374 User/Group > Group > Add ................................................................................................ 509
Figure 375 User/Group > Setting .......................................................................................................... 510
Figure 376 User/Group > Setting > Force User Authentication Policy > Add/Edit ................................ 512
Figure 377 Web Configurator for Non-Admin Users ............................................................................. 513
Figure 378 Object > Address > Address .............................................................................................. 516
Figure 379 Object > Address > Address > Edit .................................................................................... 516
Figure 380 Object > Address > Address Group ................................................................................... 517
Figure 381 Object > Address > Address Group > Add ......................................................................... 518
Figure 382 Object > Service > Service ................................................................................................. 522
Figure 383 Object > Service > Service > Edit ....................................................................................... 523
Figure 384 Object > Service > Service Group ...................................................................................... 524
Figure 385 Object > Service > Service Group > Edit ............................................................................ 525
Figure 386 Object > Schedule .............................................................................................................. 528
Figure 387 Object > Schedule > Edit (One Time) ................................................................................. 529
Figure 388 Object > Schedule > Edit (Recurring) ................................................................................. 530
Figure 389 Example: Directory Service Client and Server .................................................................. 532
Figure 390 Basic Directory Structure .................................................................................................... 533
Figure 391 Object > AAA Server > Active Directory (or LDAP) > Default ........................................... 534
Figure 392 Object > AAA Server > Active Directory (or LDAP) > Group ............................................. 535
Figure 393 Object > AAA Server > Active Directory (or LDAP) > Group > Add .................................. 535
Figure 394 RADIUS Server Network Example ..................................................................................... 537
Figure 395 Object > AAA Server > RADIUS > Default ........................................................................ 537
Figure 396 Object > AAA Server > RADIUS > Group ......................................................................... 538
Figure 397 Object > AAA Server > RADIUS > Group > Add ............................................................... 538
Figure 398 Object > Auth. Method ....................................................................................................... 541
Figure 399 Object > Auth. Method > Add ............................................................................................ 542
Figure 400 Example: Using Authentication Method in VPN ................................................................ 544
Figure 401 Remote Host Certificates ................................................................................................... 547
Figure 402 Certificate Details .............................................................................................................. 548
Figure 403 Object > Certificate > My Certificates .............................................................................. 548
Figure 404 Object > Certificate > My Certificates > Add ...................................................................... 550
Figure 405 Object > Certificate > My Certificates > Edit ...................................................................... 553
Figure 406 Object > Certificate > My Certificates > Import ................................................................... 555
Figure 407 Object > Certificate > Trusted Certificates ......................................................................... 556
Figure 408 Object > Certificate > Trusted Certificates > Edit .............................................................. 558
Figure 409 Object > Certificate > Trusted Certificates > Import ........................................................... 561
Figure 410 Object > ISP Account ......................................................................................................... 563
Figure 411 Object > ISP Account > Edit ............................................................................................... 564
Figure 412 Object > SSL Application ................................................................................................... 567
Figure 413 Object > SSL Application > Add/Edit: Web Application .................................................... 568
Figure 414 Example: SSL Application: Specifying a Web Site for Access .......................................... 570
Figure 415 Object > SSL Application > Add/Edit: File Sharing ........................................................... 570
Figure 416 System > Host Name ......................................................................................................... 575
Figure 417 System > Date and Time .................................................................................................... 576
Figure 418 Synchronization in Process ................................................................................................ 579
Figure 419 System > Console Port Speed ........................................................................................... 580
Figure 420 System > DNS .................................................................................................................... 581
Figure 421 System > DNS > Address/PTR Record Edit ...................................................................... 583
Figure 422 System > DNS > Domain Zone Forwarder Edit ................................................................. 584
Figure 423 System > DNS > MX Record Edit ...................................................................................... 585
Figure 424 System > DNS > Service Control Rule Edit ....................................................................... 585
Figure 425 System > Language ........................................................................................................... 586
Figure 426 Secure and Insecure Service Access From the WAN ........................................................ 587
Figure 427 HTTP/HTTPS Implementation ............................................................................................ 589
Figure 428 System > WWW ................................................................................................................. 590
Figure 429 System > Service Control Rule Edit ................................................................................. 592
Figure 430 Security Alert Dialog Box (Internet Explorer) ...................................................................... 593
Figure 431 Security Certificate 1 (Netscape) ........................................................................................ 594
Figure 432 Security Certificate 2 (Netscape) ........................................................................................ 594
Figure 433 Login Screen (Internet Explorer) ........................................................................................ 595
Figure 434 ZyWALL Trusted CA Screen .............................................................................................. 595
Figure 435 CA Certificate Example ...................................................................................................... 596
Figure 436 Personal Certificate Import Wizard 1 .................................................................................. 596
Figure 437 Personal Certificate Import Wizard 2 .................................................................................. 597
Figure 438 Personal Certificate Import Wizard 3 .................................................................................. 597
Figure 439 Personal Certificate Import Wizard 4 .................................................................................. 598
Figure 440 Personal Certificate Import Wizard 5 .................................................................................. 598
Figure 441 Personal Certificate Import Wizard 6 .................................................................................. 598
Figure 442 Access the ZyWALL Via HTTPS ........................................................................................ 599
Figure 443 SSL Client Authentication ................................................................................................... 599
Figure 444 Secure Web Configurator Login Screen ............................................................................. 599
Figure 445 SSH Communication Over the WAN Example ................................................................... 600
Figure 446 How SSH v1 Works Example ............................................................................................. 600
Figure 447 System > SSH .................................................................................................................... 601
Figure 448 SSH Example 1: Store Host Key ........................................................................................ 603
Figure 449 SSH Example 2: Test ........................................................................................................ 603
Figure 450 SSH Example 2: Log in ...................................................................................................... 603
Figure 451 System > Telnet .................................................................................................................. 604
Figure 452 System > FTP ..................................................................................................................... 605
Figure 453 SNMP Management Model ................................................................................................ 606
Figure 454 System > SNMP ................................................................................................................. 608
Figure 455 System > Dial-in Mgmt ..................................................................................................... 610
Figure 456 System > Vantage CNM ...................................................................................................... 611
Figure 457 Configuration File / Shell Script: Example .......................................................................... 615
Figure 458 Maintenance > File Manager > Configuration File ............................................................ 618
Figure 459 Maintenance > File Manager > Configuration File > Copy ................................................. 619
Figure 460 Maintenance > File Manager > Configuration File > Rename ........................................... 619
Figure 461 Maintenance > File Manager > Firmware Package .......................................................... 621
Figure 462 Firmware Upload In Process .............................................................................................. 622
Figure 463 Network Temporarily Disconnected .................................................................................... 622
Figure 464 Firmware Upload Error ....................................................................................................... 622
Figure 465 Maintenance > File Manager > Shell Script ...................................................................... 623
Figure 466 Maintenance > File Manager > Shell Script > Copy ........................................................... 623
Figure 467 Maintenance > File Manager > Shell Script > Rename ...................................................... 624
Figure 468 Maintenance > Log > View Log .......................................................................................... 626
Figure 469 Maintenance > Log > Log Setting ...................................................................................... 628
Figure 470 Maintenance > Log > Log Setting > E-mail > Edit .............................................................. 630
Figure 471 Maintenance > Log > Log Setting > Remote Server > Edit ................................................ 633
Figure 472 Active Log Summary .......................................................................................................... 635
Figure 473 Maintenance > Report > Traffic .......................................................................................... 638
Figure 474 Maintenance > Report > Session ....................................................................................... 641
Figure 475 Maintenance > Report > Anti-Virus: Virus Name .............................................................. 642
Figure 476 Maintenance > Report > Anti-Virus: Source ...................................................................... 643
Figure 477 Maintenance > Report > Anti-Virus: Destination ............................................................... 643
Figure 478 Maintenance > Report > IDP: Signature Name ................................................................. 644
Figure 479 Maintenance > Report > IDP: Source ............................................................................... 645
Figure 480 Maintenance > Report > IDP: Destination ......................................................................... 645
Figure 481 Maintenance > Diagnostics .............................................................................................. 647
Figure 482 Maintenance > Reboot ....................................................................................................... 649
Figure 483 Windows XP: Opening the Services Window .................................................................... 707
Figure 484 Windows XP: Starting the Messenger Service .................................................................. 708
Figure 485 Windows 2000: Opening the Services Window ................................................................. 708
Figure 486 Windows 2000: Starting the Messenger Service ............................................................... 709
Figure 487 Windows 98 SE: WinPopup ............................................................................................. 709
Figure 488 Windows 98 SE: Program Task Bar ................................................................................. 709
Figure 489 Windows 98 SE: Task Bar Properties ............................................................................ 710
Figure 490 Windows 98 SE: StartUp .................................................................................................. 710
Figure 491 Windows 98 SE: Startup: Create Shortcut ....................................................................... 711
Figure 492 Windows 98 SE: Startup: Select a Title for the Program .................................................. 711
Figure 493 Windows 98 SE: Startup: Shortcut ................................................................................... 712
Figure 494 Security Certificate ............................................................................................................. 713
Figure 495 Login Screen ...................................................................................................................... 714
Figure 496 Certificate General Information before Import .................................................................... 714
Figure 497 Certificate Import Wizard 1 ................................................................................................. 715
Figure 498 Certificate Import Wizard 2 ................................................................................................. 715
Figure 499 Certificate Import Wizard 3 ................................................................................................. 716
Figure 500 Root Certificate Store ......................................................................................................... 716
Figure 501 Certificate General Information after Import ....................................................................... 717

List of Tables
Table 1 Front Panel LEDs ...................................................................................................................... 54
Table 2 Managing the ZyWALL: Console Port ....................................................................................... 55
Table 3 Starting and Stopping the ZyWALL ........................................................................................... 55
Table 4 Packet Flow Key ....................................................................................................................... 58
Table 5 Title Bar: Web Configurator Icons ............................................................................................. 68
Table 6 Navigation Panel Summary ...................................................................................................... 68
Table 7 Internet Access: Step 1 ............................................................................................................. 77
Table 8 Ethernet Encapsulation: Static .................................................................................................. 79
Table 9 PPPoE Encapsulation: Auto ..................................................................................................... 81
Table 10 PPPoE Encapsulation: Static .................................................................................................. 83
Table 11 PPTP Encapsulation: Auto ...................................................................................................... 86
Table 12 PPTP Encapsulation: Static .................................................................................................... 88
Table 13 Registration ............................................................................................................................. 92
Table 14 VPN Wizard: Step 1: Wizard Type .......................................................................................... 96
Table 15 VPN Express Wizard: Step 2 .................................................................................................. 97
Table 16 VPN Express Wizard: Step 3 .................................................................................................. 98
Table 17 VPN Express Wizard: Step 4 .................................................................................................. 99
Table 18 VPN Advanced Wizard: Step 2 ............................................................................................. 102
Table 19 VPN Advanced Wizard: Step 3 ............................................................................................. 104
Table 20 VPN Advanced Wizard: Step 4 ............................................................................................. 106
Table 21 VPN Advanced Wizard: Step 5 ............................................................................................. 108
Table 22 ZyWALL Terminology That is Different Than ZyNOS ............................................................. 112
Table 23 ZyWALL Terminology That Might Be Different Than Other Products ..................................... 112
Table 24 NAT: Differences Between the ZyWALL and ZyNOS ............................................................. 112
Table 25 Bandwidth Management: Differences Between the ZyWALL and ZyNOS ............................. 112
Table 26 Physical Ports, Interfaces, and Zones ................................................................................... 112
Table 27 Objects .................................................................................................................................. 122
Table 28 User Types ............................................................................................................................ 122
Table 29 Interfaces and Zones Example ............................................................................................. 125
Table 30 Ethernet Interfaces Example ................................................................................................. 127
Table 31 Trunk Example ...................................................................................................................... 129
Table 32 Zones Example ..................................................................................................................... 130
Table 33 User-Aware Access Control Example ................................................................................... 140
Table 34 Status .................................................................................................................................... 158
Table 35 Status > VPN Status .............................................................................................................. 161
Table 36 Status > DHCP Table ............................................................................................................ 162
Table 37 Status > Port Statistics .......................................................................................................... 163
Table 38 Status > Current Users .......................................................................................................... 164
Table 39 Licensing > Registration ........................................................................................................ 167
Table 40 Licensing > Registration > Service ....................................................................................... 168
Table 41 Licensing > Update > IDP/AppPatrol .................................................................................... 173
Table 42 Licensing > Update > System Protect ................................................................................... 175
Table 43 Ethernet, VLAN, Bridge, PPPoE/PPTP, and Virtual Interfaces Characteristics .................... 180
Table 44 Example: Routing Table Entries for Interfaces ...................................................................... 181
Table 45 Example: Routing Table Entry for a Gateway ....................................................................... 181
Table 46 Example: Assigning IP Addresses from a Pool ..................................................................... 182
Table 47 Relationships Between Different Types of Interfaces ............................................................ 184
Table 48 Network > Interface > Interface Summary ............................................................................ 186
Table 49 Network > Interface > Ethernet ............................................................................................. 189
Table 50 Network > Interface > Ethernet > Edit ................................................................................... 191
Table 51 Network > Interface > Port Grouping .................................................................................... 196
Table 52 Network > Interface > VLAN ................................................................................................. 198
Table 53 Network > Interface > VLAN > Edit ....................................................................................... 201
Table 54 Example: Bridge Table After Computer A Sends a Packet to Computer B ........................... 204
Table 55 Example: Bridge Table After Computer B Responds to Computer A .................................... 204
Table 56 Example: Routing Table Before and After Bridge Interface br0 Is Created ........................... 205
Table 57 Network > Interface > Bridge ................................................................................................ 205
Table 58 Network > Interface > Bridge > Edit ...................................................................................... 208
Table 59 Network > Interface > PPPoE/PPTP ..................................................................................... 212
Table 60 Network > Interface > PPPoE/PPTP > Edit .......................................................................... 214
Table 61 Network > Interface > Auxiliary ............................................................................................. 216
Table 62 Network > Interface > Add .................................................................................................... 218
Table 63 Least Load First: Example 1 ................................................................................................. 220
Table 64 Network > Interface > Trunk .................................................................................................. 222
Table 65 Network > Interface > Trunk > Edit ....................................................................................... 223
Table 66 Network > Routing > Policy Route ........................................................................................ 228
Table 67 Network > Routing > Policy Route > Edit .............................................................................. 230
Table 68 Network > Routing > Static Route ......................................................................................... 233
Table 69 Network > Routing > Static Route > Edit ............................................................................... 234
Table 70 OSPF vs. RIP ........................................................................................................................ 235
Table 71 Network > Routing Protocol > RIP ........................................................................................ 237
Table 72 OSPF: Redistribution from Other Sources to Each Type of Area ......................................... 239
Table 73 Network > Routing Protocol > OSPF .................................................................................... 241
Table 74 Network > Routing > OSPF > Edit ........................................................................................ 243
Table 75 Network > Zone ..................................................................................................................... 246
Table 76 Network > Zone > Edit .......................................................................................................... 247
Table 77 Network > DDNS ................................................................................................................... 251
Table 78 Network > DDNS > Edit ........................................................................................................ 252
Table 79 Network > Virtual Server ....................................................................................................... 257
Table 80 Network > Virtual Server > Edit ............................................................................................. 258
Table 81 Network > HTTP Redirect ..................................................................................................... 263
Table 82 Network > HTTP Redirect > Edit ........................................................................................... 263
Table 83 Network > ALG ...................................................................................................................... 270
Table 84 Default Firewall Rules ........................................................................................................... 279
Table 85 Blocking All LAN to WAN IRC Traffic Example ..................................................................... 281
Table 86 Limited LAN to WAN IRC Traffic Example 1 ......................................................................... 282
Table 87 Limited LAN to WAN IRC Traffic Example 2 ......................................................................... 282
Table 88 Firewall .................................................................................................................................. 284
Table 89 Firewall > Edit ....................................................................................................................... 286
Table 90 VPN > IPSec VPN > VPN Connection .................................................................................. 298
Table 91 VPN > IPSec VPN > VPN Connection > Edit ........................................................................ 299
Table 92 VPN > IPSec VPN > VPN Connection > Manual Key > Edit ................................................ 303
Table 93 VPN Example: Matching ID Type and Content ..................................................................... 310
Table 94 VPN Example: Mismatching ID Type and Content ............................................................... 310
Table 95 VPN > IPSec VPN > VPN Gateway ...................................................................................... 312
Table 96 VPN > IPSec VPN > VPN Gateway > Edit ............................................................................ 314
Table 97 VPN > IPSec VPN > Concentrator ........................................................................................ 319
Table 98 VPN > IPSec VPN > Concentrator > Edit ............................................................................. 320
Table 99 VPN > IPSec VPN > SA Monitor ........................................................................................... 321
Table 100 Objects ................................................................................................................................ 323
Table 101 VPN > SSL VPN > Access Privilege ................................................................................... 324
Table 102 VPN > SSL VPN > Access Privilege > Add/Edit ................................................................. 325
Table 103 VPN > SSL VPN > Connection Monitor .............................................................................. 327
Table 104 VPN > SSL VPN > Global Setting ....................................................................................... 328
Table 105 Remote User Screen Overview .......................................................................................... 334
Table 106 VPN > IPSec VPN > VPN Connection ................................................................................ 347
Table 107 VPN > L2TP VPN > Session Monitor .................................................................................. 348
Table 108 Configured Rate Effect ........................................................................................................ 383
Table 109 Priority Effect ....................................................................................................................... 383
Table 110 Maximize Bandwidth Usage Effect ...................................................................................... 383
Table 111 Priority and Over Allotment of Bandwidth Effect .................................................................. 384
Table 112 AppPatrol > General ............................................................................................................ 389
Table 113 AppPatrol > Common .......................................................................................................... 390
Table 114 Application Edit ................................................................................................................... 391
Table 115 Application Policy Edit ......................................................................................................... 393
Table 116 AppPatrol > Other ............................................................................................................... 396
Table 117 AppPatrol > Other > Edit ..................................................................................................... 397
Table 118 AppPatrol > Statistics: General Setup ................................................................................. 400
Table 119 AppPatrol > Statistics: Protocol Statistics ............................................................................ 401
Table 120 Common Computer Virus Types ......................................................................................... 403
Table 121 Anti-X > Anti-Virus > General .............................................................................................. 407
Table 122 Anti-X > Anti-Virus > General > Edit ................................................................................... 408
Table 123 Anti-X > Anti-Virus > Setting ................................................................................................ 411
Table 124 Anti-X > Anti-Virus > Setting > White List Add ................................................................... 412
Table 125 Anti-X > Anti-Virus > Setting > Black List Add ................................................................... 413
Table 126 Anti-X > Anti-Virus > Signature ........................................................................................... 414
Table 127 Anti-X > IDP > General ....................................................................................................... 419
Table 128 Anti-X > IDP > General > Add ............................................................................................. 421
Table 129 Base Profiles ....................................................................................................................... 422
Table 130 Anti-X > IDP > Profile .......................................................................................................... 423
Table 131 Anti-X > IDP > Profile > Group View ................................................................................... 426
Table 132 Policy Types ........................................................................................................................ 427
Table 133 IDP Service Groups ............................................................................................................ 428
Table 134 Anti-X > IDP > Profile: Query View ..................................................................................... 430
Table 135 IP v4 Packet Headers ......................................................................................................... 433
Table 136 Anti-X > IDP > Custom Signatures ..................................................................................... 435
Table 137 Anti-X > IDP > Custom Signatures > Add/Edit .................................................................... 437
Table 138 ZyWALL - Snort Equivalent Terms ...................................................................................... 443
Table 139 Anti-X > ADP > General ...................................................................................................... 447
Table 140 Anti-X > ADP > General > Add ........................................................................................... 448
Table 141 Base Profiles ....................................................................................................................... 449
Table 142 Anti-X > ADP > Profile ........................................................................................................ 449
Table 143 ADP > Profile > Traffic Anomaly ......................................................................................... 456
Table 144 HTTP Inspection and TCP/UDP/ICMP Decoders ............................................................... 457
Table 145 ADP > Profile > Protocol Anomaly ...................................................................................... 461
Table 146 Anti-X > Content Filter > General ........................................................................................ 464
Table 147 Anti-X > Content Filter > General > Add ............................................................................. 467
Table 148 Anti-X > Content Filter > Filter Profile ................................................................................. 467
Table 149 Anti-X > Content Filter > Filter Profile > Add ....................................................................... 470
Table 150 Anti-X > Content Filter > Filter Profile > Customization ...................................................... 478
Table 151 Anti-X > Content Filter > Cache .......................................................................................... 481
Table 152 Device HA > VRRP Group .................................................................................................. 497
Table 153 Device HA > VRRP Group > Edit ........................................................................................ 498
Table 154 Network > Device HA > Synchronize .................................................................................. 501
Table 155 Types of User Accounts ...................................................................................................... 503
Table 156 LDAP/RADIUS: Keywords for User Attributes .................................................................... 504
Table 157 User/Group ......................................................................................................................... 506
Table 158 User/Group > User > Edit ................................................................................................... 507
Table 159 Reserved User Names ........................................................................................................ 508
Table 160 User/Group > Group ........................................................................................................... 508
Table 161 User/Group > Group > Add ................................................................................................. 509
Table 162 User/Group > Setting .......................................................................................................... 510
Table 163 User/Group > Setting > Force User Authentication Policy > Add/Edit ................................ 513
Table 164 Web Configurator for Non-Admin Users ............................................................................. 514
Table 165 Object > Address > Address ............................................................................................... 516
Table 166 Object > Address > Address > Edit ..................................................................................... 517
Table 167 Object > Address > Address Group .................................................................................... 518
Table 168 Object > Address > Address Group > Add .......................................................................... 518
Table 169 Object > Service > Service ................................................................................................. 522
Table 170 Object > Service > Service > Edit ....................................................................................... 523
Table 171 Object > Service > Service Group ...................................................................................... 524
Table 172 Object > Service > Service Group > Edit ............................................................................ 525
Table 173 Object > Schedule .............................................................................................................. 528
Table 174 Object > Schedule > Edit (One Time) ................................................................................. 529
Table 175 Object > Schedule > Edit (Recurring) ................................................................................. 530
Table 176 Object > AAA Server > Active Directory (or LDAP) > Default ............................................. 534
Table 177 Object > AAA Server > Active Directory (or LDAP) > Group .............................................. 535
Table 178 Object > AAA Server > Active Directory (or LDAP) > Group > Add .................................... 536
Table 179 Object > AAA Server > RADIUS > Default .......................................................................... 537
Table 180 Object > AAA Server > RADIUS > Group ........................................................................... 538
Table 181 Object > AAA Server > RADIUS > Group > Add ................................................................ 539
Table 182 Object > Auth. Method ........................................................................................................ 541
Table 183 Object > Auth. Method > Add .............................................................................................. 543
Table 184 Object > Certificate > My Certificates ................................................................................. 549
Table 185 Object > Certificate > My Certificates > Add ....................................................................... 550
Table 186 Object > Certificate > My Certificates > Edit ....................................................................... 553
Table 187 Object > Certificate > My Certificates > Import ................................................................... 556
Table 188 Object > Certificate > Trusted Certificates .......................................................................... 556
Table 189 Object > Certificate > Trusted Certificates > Edit ................................................................ 558
Table 190 Object > Certificate > Trusted Certificates > Import ............................................................ 561
Table 191 Object > ISP Account .......................................................................................................... 563
Table 192 Object > ISP Account > Edit ............................................................................................... 564
Table 193 Object > SSL Application .................................................................................................... 568
Table 194 Object > SSL Application > Add/Edit: Web Application ...................................................... 569
Table 195 Object > SSL Application > Add/Edit: Web Application ...................................................... 570
Table 196 System > Host Name .......................................................................................................... 575
Table 197 System > Date and Time .................................................................................................... 576
Table 198 Default Time Servers .......................................................................................................... 578
Table 199 System > Console Port Speed ............................................................................................ 580
Table 200 System > DNS .................................................................................................................... 581
Table 201 System > DNS > Address/PTR Record Edit ....................................................................... 583
Table 202 System > DNS > Domain Zone Forwarder Edit .................................................................. 584
Table 203 System > DNS > MX Record Edit .......................................................................................585
Table 204 System > DNS > Service Control Rule Edit ........................................................................ 586
Table 205 System > Language ............................................................................................................ 586
Table 206 System > WWW .................................................................................................................. 590
Table 207 Edit Service Control Rule .................................................................................................... 592
Table 208 System > SSH ..................................................................................................................... 602
Table 209 System > Telnet .................................................................................................................. 604
Table 210 System > FTP ..................................................................................................................... 605
Table 211 SNMP Traps
Table 212 System > SNMP
Table 213 System > Dial-in Mgmt
Table 214 System > Vantage CNM
Table 215 Configuration Files and Shell Scripts in the ZyWALL
Table 216 Maintenance > File Manager > Configuration File
Table 217 Maintenance > File Manager > Firmware Package
Table 218 Maintenance > File Manager > Shell Script
Table 219 Specifications: Logs
Table 220 Maintenance > Log > View Log
Table 221 Maintenance > Log > Log Setting
Table 222 Maintenance > Log > Log Setting > E-mail > Edit
Table 223 Maintenance > Log > Log Setting > Remote Server > Edit
Table 224 Maintenance > Log > Log Setting > Active Log Summary
Table 225 Maintenance > Report > Traffic
Table 226 Maximum Values for Reports
Table 227 Maintenance > Report > Session
Table 228 Maintenance > Report > Anti-Virus
Table 229 Maintenance > Report > IDP
Table 230 Maintenance > Diagnostics
Table 231 Default Login Information
Table 232 Hardware Specifications
Table 233 Feature Specifications
Table 234 Standards Referenced by Features
Table 235 Content Filter Logs
Table 236 Forward Web Site Logs
Table 237 Blocked Web Site Logs
Table 238 User Logs
Table 239 myZyXEL.com Logs
Table 240 IDP Logs
Table 241 Application Patrol Logs
Table 242 IKE Logs
Table 243 IPSec Logs
Table 244 Firewall Logs
Table 245 Sessions Limit Logs
Table 246 Policy Route Logs
Table 247 Built-in Services Logs
Table 248 System Logs
Table 249 Connectivity Check Logs
Table 250 Device HA Logs
Table 251 Routing Protocol Logs
Table 252 NAT Logs
Table 253 PKI Logs
Table 254 Interface Logs
Table 255 Account Logs
Table 256 Port Grouping Logs
Table 257 Force Authentication Logs
Table 258 File Manager Logs
Table 259 Commonly Used Services
PART I

Introduction

Introducing the ZyWALL
Features and Applications
Web Configurator
Configuration Basics
Tutorials
Status
Registration
Update
CHAPTER 1

Introducing the ZyWALL

This chapter gives an overview of the ZyWALL. It explains the front panel ports and LEDs, introduces the management methods, and lists the different ways to start or stop the ZyWALL.

1.1 Overview and Key Default Settings

The ZyWALL is an Internet Security Gateway designed for Small and Medium Businesses (SMB). Its flexible configuration helps network administrators set up the network and enforce security policies efficiently. In addition, the ZyWALL provides excellent throughput, making it an ideal solution for reliable, secure service.
The physical ports on the front panel of the ZyWALL are called “ge1”, “ge2”, “ge3”, and so on, where “ge” stands for Gigabit Ethernet. By default “ge1” is mapped to port 1, “ge2” to port 2 and so on.
Also, by default “ge1” is the LAN interface, and “ge2” and “ge3” are combined as the WAN_TRUNK. See Section 50.2 on page 652 for how to use the RESET button.
By default, the Ethernet management interface can only be accessed from the LAN side. The default management IP address is 192.168.1.1; the default login user name and password are “admin” and “1234” respectively.
To enable management access from the WAN, log into the web configurator, go to System > WWW, and change the default Deny to Accept in the rule in the Admin Service Control section.
You should configure the Network > Interface screens first to establish network connectivity before configuring security features such as firewall, VPN, content filtering, IDP and so on.

1.2 Front Panel LEDs

Figure 1 ZyWALL USG 1000 Front Panel
The following table describes the LEDs.
Table 1 Front Panel LEDs

| LED | COLOR | STATUS | DESCRIPTION |
|---|---|---|---|
| PWR | | Off | The ZyWALL is turned off. |
| | Green | On | The ZyWALL is turned on. |
| | Red | On | There is a hardware component failure. Shut down the device, wait for a few minutes and then restart the device (see Section 1.4 on page 55). If the LED turns red again, then please contact your vendor. |
| SYS | Green | Off | The ZyWALL is not ready or has failed. |
| | | On | The ZyWALL is ready and running. |
| | | Flashing | The ZyWALL is restarting. |
| AUX | Green | Off | The AUX port is not connected. |
| | | Flashing | The AUX port is sending or receiving packets. |
| | | On | The AUX port is connected. |
| HDD | Green | Off | Reserved for future use. No hard disk is present. The ZyWALL can run without the hard disk. |
| | | On | The hard disk is present. |
| | | Flashing | The ZyWALL is accessing the hard disk. |
| P1 ~ P5 | Green | Off | There is no traffic on this port. |
| | | Flashing | The ZyWALL is sending or receiving packets on this port. |
| | Orange | Off | There is no connection on this port. |
| | | On | This port has a successful link. |

1.3 Management Overview

You can use the following ways to manage the ZyWALL.
Web Configurator
The web configurator allows easy ZyWALL setup and management using an Internet browser. This User’s Guide provides information about the web configurator.
Figure 2 Managing the ZyWALL: Web Configurator
Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the ZyWALL. You can access it using remote management (for example, SSH or Telnet) or via the console port. See the Command Reference Guide for more information about the CLI.
Console Port
You can use the console port to manage the ZyWALL. You have to use CLI commands, which are explained in the Command Reference Guide.
The default settings for the console port are as follows.
Table 2 Managing the ZyWALL: Console Port

| SETTING | VALUE |
|---|---|
| Speed | 115200 bps |
| Data Bits | 8 |
| Parity | None |
| Stop Bit | 1 |
| Flow Control | Off |

1.4 Starting and Stopping the ZyWALL

This section explains some of the ways to start and stop the ZyWALL. These are summarized below.
Table 3 Starting and Stopping the ZyWALL

| METHOD | DESCRIPTION |
|---|---|
| Turning on the power button | A cold start occurs when you turn on the power to the ZyWALL. The ZyWALL powers up, checks the hardware, and starts the system processes. |
| Rebooting the ZyWALL | A warm start (without powering down and powering up again) occurs when you use the Reboot button in the Reboot screen or when you use the reboot command. The ZyWALL writes all cached data to disk, stops the system processes, and then does a warm start. |
| Using the RESET button | If you press the RESET button, the ZyWALL sets the configuration to its default values and then reboots. |
| Using the shutdown command | The shutdown command writes all cached data to disk and stops the system processes. It does not turn off the power. You have to turn the power off and on manually to start the ZyWALL again. You should use this command before you turn off the ZyWALL. |
| Turning off the power button | Power off occurs when you turn off the power to the ZyWALL. The ZyWALL simply turns off. It does not stop the system processes or write cached data to disk. |
Note: It is recommended you use the shutdown command before turning off the ZyWALL.
When you apply configuration files or run shell scripts, the ZyWALL does not stop or start the system processes. However, you might lose access to network resources temporarily while the ZyWALL is applying configuration files or running shell scripts.
CHAPTER 2

Features and Applications

This chapter introduces the main features and applications of the ZyWALL.

2.1 Features

The ZyWALL’s security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features.
The rest of this section provides more information about the features of the ZyWALL.
High Availability
To ensure the ZyWALL provides reliable, secure Internet access, set up one or more of the following:
• Multiple WAN ports and configure load balancing between these ports
• A backup Internet connection
• A backup ZyWALL in the event the master ZyWALL fails (device HA).
Virtual Private Networks (VPN)
Use IPSec, SSL, or L2TP VPN to provide secure communication between two sites over the Internet or any insecure network that uses TCP/IP for communication. The ZyWALL also offers hub-and-spoke IPSec VPN.
Flexible Security Zones
Many security settings are made by zone, not by interface, port, or network. As a result, it is much simpler to set up and to change security settings in the ZyWALL. You can create or remove zones, and you can assign each network, VLAN, or interface to any zone.
Firewall
The ZyWALL’s firewall is a stateful inspection firewall. The ZyWALL restricts access by screening data packets against defined access rules. It can also inspect sessions. For example, traffic from one zone is not allowed unless it is initiated by a computer in another zone first.
Intrusion Detection and Prevention (IDP)
IDP (Intrusion Detection and Protection) can detect malicious or suspicious packets and respond instantaneously. It detects pattern-based attacks in order to protect against network-based intrusions. See Section 29.8.2 on page 427 for a list of attacks that the ZyWALL can protect against. You can also create your own custom IDP rules.
Anomaly Detection and Prevention (ADP)
ADP (Anomaly Detection and Prevention) can detect malicious or suspicious packets and respond instantaneously. It can detect:
• Anomalies based on violations of protocol standards (RFCs – Requests for Comments)
• Abnormal flows such as port scans.
The ZyWALL’s ADP protects against network-based intrusions. See Section 30.8 on page 450 and Section 30.9 on page 456 for more on the kinds of attacks that the ZyWALL can protect against. You can also create your own custom ADP rules.
Bandwidth Management
Bandwidth management allows you to allocate network resources according to defined policies. This policy-based bandwidth allocation helps your network to better handle applications such as Internet access, e-mail, Voice-over-IP (VoIP), video conferencing and other business-critical applications.
Content Filter
Content filtering allows schools and businesses to create and enforce Internet access policies tailored to the needs of the organization.
You can also subscribe to category-based content filtering that allows your ZyWALL to check web sites against an external database of dynamically-updated ratings of millions of web sites. You then simply select categories to block or monitor, such as pornography or racial intolerance, from a pre-defined list.
Anti-Virus Scanner
With the anti-virus packet scanner, your ZyWALL scans files transmitting through the enabled interfaces into the network. The ZyWALL helps stop threats at the network edge before they reach the local host computers.

2.2 Packet Flow

The following is the key used to describe the packet flow in the ZyWALL.
Table 4 Packet Flow Key

| TERM | DESCRIPTION |
|---|---|
| Ethernet | The interface on which the packet is received or sent |
| VLAN | Virtual LAN |
| Encap | The PPPoE or PPTP encapsulation used |
| ALG | Application Layer Gateway |
| AC | Application Classifier is the Application Protocol (AP) layer-7 classifier. |
| DNAT | Destination NAT |
| Routing | Routing includes policy routes, interface routing, static routes and load balancing for example. |
| FW | Firewall (Through ZyWALL) |
| zFW | Firewall (To ZyWALL) |
| IDP | Intrusion Detection & Protection |
| ADP | Anomaly Detection and Protection |
| AP | Application Patrol |
| CF | Content Filtering |
| SNAT | Source NAT |
| IPSec D/E | VPN Decryption/Encryption |
| BWM | Bandwidth Management |
| RM | Remote Management (System) |
| AV | Anti-Virus |
2.2.1 Interface to Interface (Through ZyWALL)
Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT -> Routing -> FW -> AC -> IDP -> AV -> AP -> CF -> SNAT -> BWM -> Encap -> VLAN -> Ethernet
2.2.2 Interface to Interface (To/From ZyWALL)
To: Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT -> Routing -> zFW -> ADP -> RM
From: RM -> Routing -> BWM -> Encap -> VLAN -> Ethernet
2.2.3 Interface to Interface (From VPN Tunnel)
This example shows the flow from a VPN tunnel through the ZyWALL, not to the ZyWALL or to another VPN tunnel (VPN concentrator).
Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT -> Routing -> zFW -> IPSec D -> ALG -> AC -> DNAT -> Routing -> FW -> AC -> IDP -> AV -> AP -> CF -> SNAT -> BWM -> Encap -> VLAN -> Ethernet
2.2.4 Interface to Interface (To VPN Tunnel)
This example shows the flow to a VPN tunnel from a source other than the ZyWALL or another VPN tunnel (VPN concentrator).
Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT -> Routing -> FW -> AC -> IDP -> AV -> AP -> CF -> SNAT -> IPSec E -> Routing -> BWM -> Encap -> VLAN -> Ethernet
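The stage orders in Sections 2.2.1 to 2.2.4 determine which addresses a firewall rule sees and which security checks a flow receives. The following Python model is an added example, not ZyXEL code: it walks the listed orders for a packet and assumes each NAT stage rewrites the address at the point where it appears in the flow. The packet addresses and NAT mappings are constructed sample values.

```python
from dataclasses import dataclass, replace

# Stage orders copied from Sections 2.2.1 - 2.2.4 of this guide.
_ORDERS = {
    "through": "Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT -> Routing -> FW -> AC -> "
               "IDP -> AV -> AP -> CF -> SNAT -> BWM -> Encap -> VLAN -> Ethernet",
    "to_zywall": "Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT -> Routing -> zFW -> "
                 "ADP -> RM",
    "from_zywall": "RM -> Routing -> BWM -> Encap -> VLAN -> Ethernet",
    "from_vpn": "Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT -> Routing -> zFW -> "
                "IPSec D -> ALG -> AC -> DNAT -> Routing -> FW -> AC -> IDP -> AV -> "
                "AP -> CF -> SNAT -> BWM -> Encap -> VLAN -> Ethernet",
    "to_vpn": "Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT -> Routing -> FW -> AC -> "
              "IDP -> AV -> AP -> CF -> SNAT -> IPSec E -> Routing -> BWM -> Encap -> "
              "VLAN -> Ethernet",
}
FLOWS = {name: order.split(" -> ") for name, order in _ORDERS.items()}

# Stages from Table 4 that filter or inspect traffic.
SECURITY_STAGES = ("FW", "zFW", "IDP", "ADP", "AV", "AP", "CF")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def security_checks(flow):
    """Security stages a packet meets in this flow, in order, without repeats."""
    met = []
    for stage in FLOWS[flow]:
        if stage in SECURITY_STAGES and stage not in met:
            met.append(stage)
    return met


def packet_seen_by(flow, stage, pkt, dnat=None, snat=None):
    """Return the packet as the first occurrence of `stage` receives it.

    dnat maps (dst, dport) -> (new_dst, new_dport); snat maps src -> new_src.
    Assumption of this model: translation happens exactly at the DNAT / SNAT
    stage. It does not distinguish outer and inner packets of a VPN tunnel.
    """
    dnat = dnat or {}
    snat = snat or {}
    for current in FLOWS[flow]:
        if current == stage:
            return pkt
        if current == "DNAT" and (pkt.dst, pkt.dport) in dnat:
            new_dst, new_dport = dnat[(pkt.dst, pkt.dport)]
            pkt = replace(pkt, dst=new_dst, dport=new_dport)
        elif current == "SNAT" and pkt.src in snat:
            pkt = replace(pkt, src=snat[pkt.src])
    raise ValueError(f"{stage} is not part of the {flow!r} flow")


if __name__ == "__main__":
    # Constructed sample: inbound connection to a port-forwarded web server.
    inbound = Packet(src="203.0.113.10", dst="198.51.100.5", dport=8080)
    forward = {("198.51.100.5", 8080): ("192.168.1.20", 80)}
    print("FW sees:", packet_seen_by("through", "FW", inbound, dnat=forward))

    # Constructed sample: outbound connection that is source-translated.
    outbound = Packet(src="192.168.1.33", dst="203.0.113.10", dport=443)
    masq = {"192.168.1.33": "198.51.100.5"}
    print("FW sees:", packet_seen_by("through", "FW", outbound, snat=masq))
    print("BWM sees:", packet_seen_by("through", "BWM", outbound, snat=masq))

    for name in FLOWS:
        print(name, "->", security_checks(name))
```

Under this model a firewall rule for port-forwarded traffic has to match the translated destination and the original source, and traffic addressed to the ZyWALL itself meets only zFW and ADP.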

2.3 Applications

These are some example applications for your ZyWALL. See also Chapter 6 on page 125 for configuration tutorial examples.
2.3.1 VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. You can also set up additional connections to the Internet to provide better service.
Figure 3 Applications: VPN Connectivity
2.3.2 SSL VPN Network Access
You can configure the ZyWALL to provide SSL VPN network access to remote users. There are two SSL VPN network access modes: reverse proxy and full tunnel.
2.3.2.1 Reverse Proxy Mode
In reverse proxy mode, the ZyWALL is a proxy that acts on behalf of the local network servers (such as your web and mail servers). As the final destination, the ZyWALL appears to be the server to remote users. This provides an added layer of protection for your internal servers.
With reverse proxy mode, remote users can easily access any web-based applications on the local network by clicking on links or entering the provided URL. You do not have to install additional client software on the remote user computers for access.
Figure 4 Network Access Mode: Reverse Proxy
2.3.2.2 Full Tunnel Mode
In full tunnel mode, a virtual connection is created for remote users with private IP addresses in the same subnet as the local network. This allows them to access network resources in the same way as if they were part of the internal network.
Figure 5 Network Access Mode: Full Tunnel Mode
2.3.3 User-Aware Access Control
Set up security policies that restrict access to sensitive information and shared resources based on the user who is trying to access it.
Figure 6 Applications: User-Aware Access Control
2.3.4 Multiple WAN Interfaces
Set up multiple connections to the Internet on the same port, or set up multiple connections on different ports. In either case, you can balance the loads between them.
Figure 7 Applications: Multiple WAN Interfaces
2.3.5 Device HA
Set up an additional ZyWALL as a backup gateway to ensure the default gateway is always available for the network.
Figure 8 Applications: Device HA
CHAPTER 3

Web Configurator

The ZyWALL web configurator allows easy ZyWALL setup and management using an Internet browser.

3.1 Web Configurator Requirements

In order to use the web configurator, you must:
• Use Internet Explorer 6.0 or later, Netscape Navigator 7.2 or later, or Firefox 1.0.7 or later
• Allow pop-up windows (blocked by default in Windows XP Service Pack 2)
• Enable JavaScript (enabled by default)
• Enable Java permissions (enabled by default)
• Enable cookies
The recommended screen resolution is 1024 x 768 pixels.

3.2 Web Configurator Access

1 Make sure your ZyWALL hardware is properly connected. See the Quick Start Guide.
2 Open your web browser, and go to http://192.168.1.1. By default, the ZyWALL automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
Figure 9 Login Screen
3 Type the user name (default: “admin”) and password (default: “1234”).
If your account is configured to use an ASAS authentication server, use the OTP (One-Time Password) token to generate a number. Enter it in the One-Time Password field. The number is only good for one login. You must use the token to generate a new number the next time you log in.
4 Click Login. If you logged in using the default user name and password, the Update Admin Info screen (Figure 10 on page 66) appears. Otherwise, the main screen (Figure 11 on page 67) appears.
Figure 10 Update Admin Info Screen
5 The screen above appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore.
Follow the directions in this screen. If you change the default password, the Login screen (Figure 9 on page 66) appears after you click Apply. If you click Ignore, the main screen appears.
Figure 11 Main Screen

3.3 Web Configurator Main Screen

As illustrated in Figure 11 on page 67, the main screen is divided into these parts:
A - title bar
B - navigation panel
C - main window
D - status bar
3.3.1 Title Bar
The title bar provides some icons in the upper right corner.
The icons provide the following functions.
Table 5 Title Bar: Web Configurator Icons
ICON DESCRIPTION
Help: Click this icon to open the help page for the current screen.
Wizards: Click this icon to open one of the web configurator wizards. See Chapter 4 on page 75 for more information.
Console: Click this icon to open the console in which you can use the command line interface (CLI).
Site Map: Click this icon to display the site map for the web configurator. You can use the site map to go directly to any menu item or any tab in the web configurator.
About: Click this icon to display basic information about the ZyWALL.
Logout: Click this icon to log out of the web configurator.
3.3.2 Navigation Panel
Use the menu items on the navigation panel to open screens to configure ZyWALL features. The following tables describe each menu item.
Table 6 Navigation Panel Summary

| LINK | TAB | FUNCTION |
|---|---|---|
| Status | | Use this screen to look at the ZyWALL’s general device information, system status, system resource usage, licensed service status, and interface status. |
| Licensing | | |
| Registration | Registration | Use this screen to register the device and activate trial services. |
| | Service | Use this screen to look at the licensed service status and to upgrade licensed services. |
| Update | IDP/AppPatrol | Use this screen to schedule IDP signature updates and to update signature information immediately. |
| | System Protect | Use this screen to schedule ADP signature updates and to update signature information immediately. |
| | Anti-Virus | Use this screen to schedule anti-virus signature updates and to update signature information immediately. |
| Network | | |
| Interface | Interface Summary | Use this screen to see information about all of the ZyWALL’s interfaces and their connection status. |
| | Ethernet | Use this screen to manage Ethernet interfaces and virtual Ethernet interfaces. |
| | Port Grouping | Use this screen to configure physical port groups. |
| | VLAN | Use this screen to create and manage VLAN interfaces and virtual VLAN interfaces. |
| | Bridge | Use this screen to create and manage bridges and virtual bridge interfaces. |
| | PPPoE/PPTP | Use this screen to create and manage PPPoE/PPTP interfaces. |
| | Auxiliary | Use this screen to manage the AUX port. |
| | Trunk | Use this screen to create and manage trunks for load balancing and link HA. |
| Routing | Policy Route | Use this screen to create and manage routing policies. |
| | Static Route | Use this screen to create and manage IP static routing information. |
| | RIP | Use this screen to configure device-level RIP settings. |
| | OSPF | Use this screen to configure device-level OSPF settings, including areas and virtual links. |
| Zone | | Use this screen to configure zones used to define various policies. |
| DDNS | | Use this screen to define and manage domain names and DDNS servers. |
| Virtual Server | | Use this screen to set up and manage port forwarding rules. |
| HTTP Redirect | | Use this screen to set up and manage HTTP redirection rules. |
| ALG | | Use this screen to configure SIP, H.323, and FTP pass-through settings. |
| Firewall | | Use this screen to create and manage level-3 traffic rules. |
| VPN | | |
| IPSec VPN | VPN Connection | Use this screen to configure IPSec tunnels. |
| | VPN Gateway | Use this screen to configure IKE tunnels. |
| | Concentrator | Use this screen to configure VPN concentrators (hub-and-spoke VPN). |
| | SA Monitor | Use this screen to monitor current IPSec VPN tunnels. |
| SSL VPN | Access Privilege | Use this screen to configure SSL VPN access rights for users and groups. |
| | Connection Monitor | Use this screen to monitor current SSL VPN connection. |
| | Global Setting | Use this screen to configure the ZyWALL’s SSL VPN settings that apply to all connections. |
| L2TP VPN | L2TP Over IPSec | Use this screen to configure L2TP Over IPSec VPN settings. |
| | Session Monitor | Use this screen to monitor current L2TP Over IPSec VPN sessions. |
| AppPatrol | General | Use this screen to enable or disable traffic management by application and see registration and signature information. |
| | Common | Use this screen to manage traffic of the most commonly used web, file transfer and e-mail protocols. |
| | Instant Messenger | Use this screen to manage instant messenger traffic. |
| | Peer to Peer | Use this screen to manage peer-to-peer traffic. |
| | VoIP | Use this screen to manage VoIP traffic. |
| | Streaming | Use this screen to manage streaming traffic. |
| | Other | Use this screen to manage other kinds of traffic. |
| | Statistics | Use this screen to view bandwidth usage and traffic statistics for the protocols that the ZyWALL is managing. |
| Anti-X | | |
| Anti-Virus | Summary | Use this screen to activate AV scanning on the interface(s), specify actions when a virus is detected, and view registration and signature information. |
| | Setting | Use this screen to configure AV settings like the white and black lists. |
| | Signature | Use these screens to search for signatures by signature name or attributes and configure how the ZyWALL uses them. |
| IDP | General | Use this screen to look at and manage IDP bindings. |
| | Profile | Use this screen to create and manage IDP profiles. |
| | Custom Signatures | Use this screen to create, import, or export custom signatures. |
| ADP | General | Use this screen to look at and manage ADP bindings. |
| | Profile | Use this screen to create and manage ADP profiles. |
| Content Filter | General | Use this screen to create and manage content filter policies. |
| | Filtering Profile | Use this screen to create and manage the detailed filtering rules for content filtering policies. |
| | Cache | Use this screen to manage the URL cache in the ZyWALL. |
| Device HA | VRRP Group | Use this screen to define and configure virtual groups of redundant routers. |
| | Synchronize | Use this screen to manage synchronization of ZyWALL configuration between master routers and backup routers in virtual groups of redundant routers. |
| Object | | |
| User/Group | User | Use this screen to create and manage users. |
| | Group | Use this screen to create and manage groups of users. |
| | Setting | Use this screen to manage default settings for all users, general settings for user sessions, and rules to force user authentication. |
| Address | Address | Use this screen to create and manage host, range, and network (subnet) addresses. |
| | Address Group | Use this screen to create and manage groups of addresses. |
| Service | Service | Use this screen to create and manage TCP and UDP services. |
| | Service Group | Use this screen to create and manage groups of services. |
| Schedule | | Use this screen to create one-time and recurring schedules. |
| AAA Server | Active Directory-Default | Use this screen to configure the default Active Directory settings. |
| | Active Directory-Group | Use this screen to create and manage groups of Active Directory servers. |
| | LDAP-Default | Use this screen to configure the default LDAP settings. |
| | LDAP-Group | Use this screen to create and manage groups of LDAP servers. |
| | RADIUS-Default | Use this screen to configure the default RADIUS settings. |
| | RADIUS-Group | Use this screen to create and manage groups of RADIUS servers. |
| Auth. Method | | Use this screen to create and manage ways of authenticating users. |
| Certificate | My Certificates | Use this screen to create and manage the ZyWALL’s certificates. |
| | Trusted Certificates | Use this screen to import and manage certificates from trusted sources. |
| ISP Account | | Use this screen to create and manage ISP account information for PPPoE/PPTP interfaces. |
| SSL Application | | Use this screen to create SSL web application or file sharing objects. |
| System | | |
Host Name Use this screen to configure the system and domain name for the ZyWALL.
Date/Time Use this screen to configure the current date, time, and time zone in the ZyWALL.
Console Speed Use this screen to set the console speed.
DNS Use this screen to configure the DNS server and address records for the ZyWALL.
WWW Use this screen to configure HTTP, HTTPS, and general authentication.
SSH Use this screen to configure the SSH server and SSH service settings for the ZyWALL.
TELNET Use this screen to configure the telnet server settings for the ZyWALL.
FTP Use this screen to configure the FTP server settings for the ZyWALL.
SNMP Use this screen to configure SNMP communities and services.
Dial-in Mgmt. Use this screen to configure settings for an out of band management connection through a modem connected to the AUX port.
Vantage CNM Use this screen to configure and allow your ZyWALL to be managed by the Vantage CNM server.
Language Use this screen to select the language of the ZyWALL’s web configurator screens.
Maintenance
File Manager Configuration File Use this screen to manage and upload configuration files for the ZyWALL.
Firmware Package Use this screen to look at the current firmware version and to upload firmware.
Shell Script Use this screen to manage and run shell script files for the ZyWALL.
Log View Log Use this screen to look at log entries.
Log Setting Use this screen to configure the system log, e-mail logs, and remote syslog servers.
Report Traffic Use this screen to collect traffic information and display basic reports about it.
Session Use this screen to display the status of all current sessions.
Anti-Virus Use this screen to collect and display statistics on the viruses that the ZyWALL has detected.
IDP Use this screen to collect and display statistics on the intrusions that the ZyWALL has detected.
Diagnostics Use this screen to have the ZyWALL collect diagnostic information.
Reboot Use this screen to restart the ZyWALL.
3.3.3 Main Window
The main window shows the screen you select in the menu. It is discussed in the rest of this document.
Right after you log in, the Status screen is displayed. See Chapter 7 on page 157 for more information about the Status screen.
3.3.4 Message Bar
Check the message bar when you click Apply or OK to verify that the configuration has been updated.
Figure 12 Message Bar
3.3.4.1 Warning Messages
Click the up arrow to view the ZyWALL’s current warning messages. These warning messages display in a popup window, such as the following.
Figure 13 Warning Messages
Click Refresh Now to update the screen. Close the popup window when you are done with it.
Click Clear Warning Message to remove the current warning messages from the window.
3.3.4.2 CLI Messages
Click CLI to look at the CLI commands sent by the web configurator. These commands appear in a popup window, such as the following.
Figure 14 CLI Messages
Click Change Display Style to show or hide the index numbers for the commands (the commands are more convenient to copy and paste without the index numbers).
Click Refresh Now to update the screen. For example, if you just enabled a particular feature, you can look at the commands the web configurator generated to enable it. Close the popup window when you are done with it.
See the Command Reference Guide for information about the commands.
CHAPTER 4

Wizard Setup

This chapter provides information on configuring the Wizard setup screens in the web configurator. See the feature-specific chapters in this User’s Guide for background information.

4.1 Wizard Setup Overview

Note: Use the wizards only for initial configuration starting from the default configuration.
The web configurator's setup wizards help you configure Internet and VPN connection settings.
Note: Changes you make in an installation or VPN wizard may not be applied if you have already changed the ZyWALL’s configuration.
In the ZyWALL web configurator, click the Wizard icon to open the Wizard Setup Welcome screen. The following summarizes the wizards you can select:
• INSTALLATION SETUP, ONE ISP
Click this link to open a wizard to set up a single Internet connection for Gigabit Ethernet port 2. This wizard creates matching ISP account settings in the ZyWALL if you use PPPoE or PPTP. See Section 4.2 on page 76.
• INSTALLATION SETUP, TWO ISP
Click this link to open a wizard to set up Internet connections for Gigabit Ethernet (ge) interfaces 2 and 3. See Section 4.5 on page 93. You can connect one interface to one ISP (or network) and connect the other to a second ISP (or network). You can use the second WAN connection for load balancing to increase overall network throughput or as a backup to enhance network reliability (see Section 11.3 on page 219 for more on load balancing).
This wizard creates matching ISP account settings in the ZyWALL if you use PPPoE or PPTP. This wizard also creates a WAN trunk.
• VPN SETUP
Use VPN SETUP to configure a VPN connection. See Section 4.6 on page 95.
Figure 15 Wizard Setup Welcome

4.2 Installation Setup, One ISP

The wizard screens vary depending on what encapsulation type you use. Refer to information provided by your ISP to know what to enter in each field. Leave a field blank if you don’t have that information.
Note: Enter the Internet access information exactly as your ISP gave it to you.
Figure 16 Internet Access: Step 1
The following table describes the labels in this screen.
Table 7 Internet Access: Step 1
LABEL DESCRIPTION
ISP Parameters
Encapsulation Choose the Ethernet option when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection according to the information from your ISP.
WAN IP Address Assignments
WAN Interface This is the interface you are configuring for Internet access.
Zone Select the security zone to which you want this interface and Internet connection to belong.
IP Address Assignment Select Auto if your ISP did not assign you a fixed IP address. Select Static if the ISP assigned a fixed IP address.
Next Click Next to continue.

4.3 Step 1 Internet Access

Encapsulation: Choose the Ethernet option when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection according to the information from your ISP.
WAN Interface: This is the interface you are configuring for Internet access.
Zone: Select the security zone to which you want this interface and Internet connection to belong.
IP Address Assignment: Select Auto if your ISP did not assign you a fixed IP address. Select Static if the ISP assigned a fixed IP address.
4.3.1 Ethernet: Auto IP Address Assignment
If you select Auto as the IP Address Assignment in the previous screen, the following screen displays. Click Next to apply the configuration settings.
Figure 17 Ethernet Encapsulation: Auto: Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com.
Alternatively, click Close to exit the wizard.
4.3.2 Ethernet: Static IP Address Assignment
If you select Static as the IP Address Assignment, the following screen displays.
Figure 18 Ethernet Encapsulation: Static
The following table describes the labels in this screen.
Table 8 Ethernet Encapsulation: Static
LABEL DESCRIPTION
ISP Parameters
Encapsulation This displays the type of Internet connection you are configuring.
WAN IP Address Assignments
WAN Interface This displays the identity of the interface you configure to connect with your ISP.
Zone This field displays to which security zone this interface and Internet connection will belong.
IP Address Enter the IP address that your ISP gave you. This should be a static, public IP address.
IP Subnet Mask Enter the subnet mask for the IP address.
Gateway IP Address Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The ZyWALL uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
First DNS Server, Second DNS Server Enter the DNS server IP addresses.
Next Click Next to continue.
The ZyWALL applies the configuration settings.
4.3.3 Step 2 Internet Access Ethernet
You do not configure this screen if you selected Auto as the IP Address Assignment in the previous screen.
Note: Enter the Internet access information exactly as given to you by your ISP.
WAN Interface: This is the number of the interface that will connect with your ISP.
Zone: This is the security zone to which this interface and Internet connection will belong.
IP Address: Enter your (static) public IP address.
IP Subnet Mask: Enter the subnet mask for this WAN connection's IP address.
Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway).
DNS Server: The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The ZyWALL uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
Figure 19 Ethernet Encapsulation: Static: Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com.
Alternatively, click Close to exit the wizard.
4.3.4 PPPoE: Auto IP Address Assignment
If you select Auto as the IP Address Assignment in the previous screen, the following screen displays after you click Next.
Figure 20 PPPoE Encapsulation: Auto
The following table describes the labels in this screen.
Table 9 PPPoE Encapsulation: Auto
LABEL DESCRIPTION
ISP Parameters
Encapsulation This displays the type of Internet connection you are configuring.
Service Name Type the PPPoE service name given to you by your ISP. PPPoE uses a service name to identify and reach the PPPoE server. You can use alphanumeric and -_@$./ characters, and it can be up to 64 characters long.
User Name Type the user name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
Password Type the password associated with the user name above. Use up to 64 ASCII characters except the [] and ?. This field can be blank.
Retype to Confirm Type your password again for confirmation.
Nailed-Up Select Nailed-Up if you do not want the connection to time out.
Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from the PPPoE server. The default time is 100 seconds.
WAN IP Address Assignments
WAN Interface This displays the identity of the interface you configure to connect with your ISP.
Zone This field displays to which security zone this interface and Internet connection will belong.
IP Address The ISP will assign your WAN IP address automatically.
Next Click Next to continue.
The ZyWALL applies the configuration settings.
Figure 21 PPPoE Encapsulation: Auto: Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com.
Alternatively, click Close to exit the wizard.
4.3.5 PPPoE: Static IP Address Assignment
If you select Static as the IP Address Assignment, the following screen displays.
Figure 22 PPPoE Encapsulation: Static
The following table describes the labels in this screen.
Table 10 PPPoE Encapsulation: Static
LABEL DESCRIPTION
ISP Parameters
Encapsulation This displays the type of Internet connection you are configuring.
Service Name Type the PPPoE service name given to you by your ISP. PPPoE uses a service name to identify and reach the PPPoE server. You can use alphanumeric and -_@$./ characters, and it can be up to 64 characters long.
User Name Type the user name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
Password Type the password associated with the user name above. Use up to 64 ASCII characters except the [] and ?. This field can be blank.
Retype to Confirm Type your password again for confirmation.
Nailed-Up Select Nailed-Up if you do not want the connection to time out.
Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from the PPPoE server. The default time is 100 seconds.
WAN IP Address Assignments
WAN Interface This displays the identity of the interface you configure to connect with your ISP.
Zone This field displays to which security zone this interface and Internet connection will belong.
IP Address Enter your WAN IP address in this field.
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The ZyWALL uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
First DNS Server, Second DNS Server Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Next Click Next to continue.
4.3.6 Step 2 Internet Access PPPoE
Note: Enter the Internet access information exactly as given to you by your ISP.
4.3.6.1 ISP Parameters
Type the PPPoE Service Name from your service provider.
Type the User Name given to you by your ISP.
Type the Password associated with the user name.
Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPPoE server.
4.3.6.2 WAN IP Address Assignments
You do not configure this section if you selected Auto as the IP Address Assignment in the previous screen.
WAN Interface: This is the number of the interface that will connect with your ISP.
Zone: This is the security zone to which this interface and Internet connection will belong.
IP Address: Enter your (static) public IP address.
DNS Server: The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The ZyWALL uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
Figure 23 PPPoE Encapsulation: Static: Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com.
Alternatively, click Close to exit the wizard.
4.3.7 PPTP: Auto IP Address Assignment
If you select Auto as the IP Address Assignment in the previous screen, the following screen displays.
Figure 24 PPTP Encapsulation: Auto
The following table describes the labels in this screen.
Table 11 PPTP Encapsulation: Auto
LABEL DESCRIPTION
ISP Parameters
Encapsulation This displays the type of Internet connection you are configuring.
User Name Type the user name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
Password Type the password associated with the user name above. Use up to 64 ASCII characters except the [] and ?. This field can be blank.
Retype to Confirm Type your password again for confirmation.
Nailed-Up Select Nailed-Up if you do not want the connection to time out.
Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from the PPTP server.
PPTP Configuration
Base Interface This displays the identity of the Ethernet interface you configure to connect with a modem or router.
Base IP Address Type the (static) IP address assigned to you by your ISP.
IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).
Server IP Type the IP address of the PPTP server.
Connection ID Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your DSL modem. You can use alphanumeric and -_: characters, and it can be up to 31 characters long.
WAN IP Address Assignments
WAN Interface This displays the identity of the interface you configure to connect with your ISP.
Zone This field displays to which security zone this interface and Internet connection will belong.
IP Address Enter your WAN IP address in this field.
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The ZyWALL uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
First DNS Server, Second DNS Server Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Next Click Next to continue.
The ZyWALL applies the configuration settings.
Figure 25 PPTP Encapsulation: Auto: Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com.
Alternatively, click Close to exit the wizard.
4.3.8 PPTP: Static IP Address Assignment
If you select Static as the IP Address Assignment, the following screen displays.
Figure 26 PPTP Encapsulation: Static
The following table describes the labels in this screen.
Table 12 PPTP Encapsulation: Static
LABEL DESCRIPTION
ISP Parameters
Encapsulation This displays the type of Internet connection you are configuring.
User Name Type the user name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long.
Password Type the password associated with the user name above. Use up to 64 ASCII characters except the [] and ?.
Retype to Confirm Type your password again for confirmation.
Nailed-Up Select Nailed-Up if you do not want the connection to time out.
Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from the PPTP server.
PPTP Configuration
Base Interface This displays the identity of the Ethernet interface you configure to connect with a modem or router.
Base IP Address Type the (static) IP address assigned to you by your ISP.
IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).
Server IP Type the IP address of the PPTP server.
Connection ID Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your DSL modem. You can use alphanumeric and -_: characters, and it can be up to 31 characters long. This field can be blank.
WAN IP Address Assignments
WAN Interface This displays the identity of the interface you configure to connect with your ISP.
Zone This field displays to which security zone this interface and Internet connection will belong.
IP Address Enter your WAN IP address in this field.
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The ZyWALL uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
First DNS Server, Second DNS Server Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.
Next Click Next to continue.
4.3.9 Step 2 Internet Access PPTP
Note: Enter the Internet access information exactly as given to you by your ISP.
4.3.9.1 ISP Parameters
Type the User Name given to you by your ISP.
Type the Password associated with the user name.
Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPTP server.
4.3.9.2 PPTP Configuration
Base Interface: This is the identity of the Ethernet interface you configure to connect with a modem or router.
Type a Base IP Address (static) assigned to you by your ISP.
Type the IP Subnet Mask assigned to you by your ISP (if given).
Server IP: Type the IP address of the PPTP server.
Type a Connection ID or connection name. It must follow the “c:id” and “n:name” format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your broadband modem or router.
4.3.9.3 WAN IP Address Assignments
You do not configure this section if you selected Auto as the IP Address Assignment in the previous screen.
WAN Interface: This is the connection type on the interface you are configuring to connect with your ISP.
Zone: This is the security zone to which this interface and Internet connection will belong.
IP Address: Enter your (static) public IP address.
DNS Server: The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The ZyWALL uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
The ZyWALL applies the configuration settings.
Figure 27 PPTP Encapsulation: Static: Finish
4.3.10 Step 4 Internet Access - Finish
You have set up your ZyWALL to access the Internet.
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com.
Alternatively, click Close to exit the wizard.

4.4 Device Registration

Use this screen to register your ZyWALL with myZyXEL.com and activate trial periods of subscription security features if you have not already done so.
Note: You must be connected to the Internet to register.
This screen displays a read-only user name and password if the ZyWALL is already registered. It also shows which trial services are activated (if any). You can still select the unchecked trial service(s) to activate it after registration. Use the Registration > Service screen to update your service subscription status.
Figure 28 Registration
The following table describes the labels in this screen.
Table 13 Registration
LABEL DESCRIPTION
Device Registration If you select existing myZyXEL.com account, only the User Name and Password fields are available.
new myZyXEL.com account If you haven’t created an account at myZyXEL.com, select this option and configure the following fields to create an account and register your ZyWALL.
existing myZyXEL.com account If you already have an account at myZyXEL.com, select this option and enter your user name and password in the fields below to register your ZyWALL.
UserName Enter a user name for your myZyXEL.com account. The name should be from six to 20 alphanumeric characters (and the underscore). Spaces are not allowed.
Check Click this button to check with the myZyXEL.com database to verify the user name you entered has not been used.
Password Enter a password of between six and 20 alphanumeric characters (and the underscore). Spaces are not allowed.
Confirm Password Enter the password again for confirmation.
E-Mail Address Enter your e-mail address. You can use up to 80 alphanumeric characters (periods and the underscore are also allowed) without spaces.
Country Code Select your country from the drop-down box list.
Trial Service Activation You can try a trial service subscription. After the trial expires, you can buy an iCard and enter the license key in the Registration Service screen to extend the service.
IDP/AppPatrol, Anti-Virus, Content Filter Select the check box to activate a trial. The trial period starts the day you activate the trial.
Close Click Close to exit the wizard.
Next Click Next to save your changes back to the ZyWALL and activate the selected services.
Figure 29 Registration: Registered Device

4.5 Installation Setup, Two Internet Service Providers

This wizard allows you to configure two interfaces for Internet access through either two different Internet Service Providers (ISPs) or two different accounts with the same ISP.
The configuration of the following screens is explained in Section 4.2 on page 76. Configure the First WAN Interface and click Next.
Figure 30 Internet Access: Step 1: First WAN Interface
After you configure the First WAN Interface, you can configure the Second WAN Interface. Click Next to continue.
Figure 31 Internet Access: Step 3: Second WAN Interface
After you configure the Second WAN Interface, a summary of configuration settings displays for both WAN interfaces.
Figure 32 Internet Access: Finish
Note: You can register your ZyWALL with myZyXEL.com and activate trials of services like IDP.
Use the myZyXEL.com link if you do not already have a myZyXEL.com account. If you already have a myZyXEL.com account, you can click Next and use the following screen to register your ZyWALL and activate service trials (see Section 4.4 on page 91).
Alternatively, click Close to exit the wizard.
4.5.1 Internet Access Wizard Setup Complete
Well done! You have successfully set up your ZyWALL to access the Internet.

4.6 VPN Setup

The VPN wizard creates corresponding VPN connection and VPN gateway settings, a policy route and address objects that you can use later in configuring more VPN connections or other features.
Click VPN SETUP in the Wizard Setup Welcome screen (Figure 15 on page 76) to open the following screen. Use it to select which type of VPN settings you want to configure.
Figure 33 VPN Wizard: Wizard Type
The following table describes the labels in this screen.
Table 14 VPN Wizard: Step 1: Wizard Type
LABEL DESCRIPTION
Express Use this wizard to create a VPN connection with another ZLD-based ZyWALL using a pre-shared key and default security settings.
Advanced Use this wizard to configure detailed VPN security settings such as using certificates. The VPN connection can be to another ZLD-based ZyWALL or other IPSec device.
Next Click Next to continue.

4.7 VPN Wizards

A VPN (Virtual Private Network) tunnel is a secure connection to another computer or network.
Use the Express wizard to create a VPN connection with another ZLD-based ZyWALL using a pre-shared key and default security settings.
Use the Advanced wizard to configure detailed VPN security settings such as using certificates. The VPN connection can be to another ZLD-based ZyWALL or other IPSec devices.
4.7.1 VPN Express Wizard
Click the Express radio button as shown in Figure 33 on page 96 to display the following screen.
Figure 34 VPN Express Wizard: Step 2
The following table describes the labels in this screen.
Table 15 VPN Express Wizard: Step 2
LABEL DESCRIPTION
Name Type the name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
Secure Gateway Enter the WAN IP address or domain name of the remote IPSec router (secure gateway) to identify the remote IPSec router by its IP address or a domain name. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address.
Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. Precede hexadecimal characters with “0x”. Both ends of the VPN tunnel must use the same pre-shared key. You will receive a PYLD_MALFORMED (payload malformed) packet if the same pre-shared key is not used on both ends.
Next Click Next to continue.

4.8 VPN Express Wizard - Remote Gateway

The Remote Gateway policy identifies the IPSec devices at either end of a VPN tunnel.
Name: Type the name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
Secure Gateway: Enter the WAN IP address or domain name of the remote IPSec router (secure gateway). Use 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address and no domain name.
Pre-Shared Key: Type the password. Both ends of the VPN tunnel must use the same password. Use 8 to 31 case-sensitive ASCII characters or 16 to 62 hexadecimal (“0-9”, “A-F”) characters. Precede hexadecimal characters with “0x”.
Figure 35 VPN Express Wizard: Step 3
The following table describes the labels in this screen.
Table 16 VPN Express Wizard: Step 3
LABEL DESCRIPTION
Local Policy (IP/Mask) Type a static local IP address that corresponds to the remote IPSec router's configured remote IP address (the remote IP address of the other ZyWALL). To specify IP addresses on a network by their subnet mask, type the subnet mask of the LAN behind your ZyWALL.
Remote Policy (IP/Mask) Type a static local IP address that corresponds to the remote IPSec router's configured local IP address (the local IP address of the other ZyWALL). To specify IP addresses on a network by their subnet mask, type the subnet mask of the LAN behind the remote gateway.
Next Click Next to continue.
4.8.1 VPN Express Wizard - Policy Setting
The Policy Setting specifies which devices can use the VPN tunnel. Local and remote IP addresses must be static.
Local Policy (IP/Mask): Type the IP address of a computer on your network. You can also specify a subnet. This must match the remote IP address configured on the peer IPSec device.
Remote Policy (IP/Mask): Type the IP address of a computer behind the peer IPSec device. You can also specify a subnet. This must match the local IP address configured on the peer IPSec device.
Figure 36 VPN Express Wizard: Step 4
The following table describes the labels in this screen.
Table 17 VPN Express Wizard: Step 4
LABEL DESCRIPTION
Summary
Name This is the name of the VPN connection (and VPN gateway).
Secure Gateway This is the WAN IP address or domain name of the remote IPSec router. If this field displays 0.0.0.0, only the remote IPSec router can initiate the VPN connection.
Pre-Shared Key This is a pre-shared key identifying a communicating party during a phase 1 IKE negotiation.
Local Policy This is a (static) IP address and Subnet Mask on the LAN behind your ZyWALL.
Remote Policy This is a (static) IP address and Subnet Mask on the network behind the remote IPSec router.
Configuration for Remote Gateway These commands set the matching VPN connection settings for the remote gateway. If the remote gateway is a ZLD-based ZyWALL, you can copy and paste this list into its command line interface in order to configure it for the VPN tunnel. You can also use a text editor to save these commands as a shell script file with a “.zysh” filename extension. Then you can use the file manager to run the script in order to configure the VPN connection. See the commands reference guide for details on the commands displayed in this list.
Save Click Save to store the VPN settings on your ZyWALL.
4.8.2 VPN Express Wizard - Summary
This summary of VPN tunnel settings is read-only.
Name: Identifies the VPN gateway policy.
Secure Gateway: IP address or domain name of the peer IPSec device.
Pre-Shared Key: VPN tunnel password.
Local Policy: IP address and subnet mask of the computers on the network behind your ZyWALL that can use the tunnel.
Remote Policy: IP address and subnet mask of the computers on the network behind the peer IPSec device that can use the tunnel.
You can copy and paste the Configuration for Remote Gateway commands into another ZLD-based ZyWALL’s command line interface.
Figure 37 VPN Express Wizard: Step 6