Maintenance; How To Allow Management Service From Wan - ZyXEL Communications ZyWALL USG Series User Manual

These sections cover managing and maintaining the ZyWALL.
• How to Allow Management Service from WAN on page 125
• How to Use a RADIUS Server to Authenticate User Accounts based on Groups on page 128
• How to Use SSH for Secure Telnet Access on page 129
• How to Manage ZyWALL Configuration Files on page 130
• How to Manage ZyWALL Firmware on page 131
• How to Download and Upload a Shell Script on page 132
• How to Change a Power Module on page 133
• How to Save System Logs to a USB Storage Device on page 135
• How to Get the ZyWALL's Diagnostic File on page 138
• How to Capture Packets on the ZyWALL on page 139
• How to Use Packet Flow Explore for Troubleshooting on page 143

6.1 How to Allow Management Service from WAN

There are several ways that remote users can manage the ZyWALL: through WWW, SSH, Telnet,
FTP, and SNMP. HTTPS and SSH access are more secure than others. To allow the ZyWALL to be
accessed from a remote user using one of these services, make sure you do not have a service
control rule or to-ZyWALL firewall rule to block this traffic.
To allow a remote management service, you must ensure the following:
• The service is enabled in its corresponding system screen (for example, you make sure the
HTTPs service in the Configuration > System > WWW screen is enabled for it to work).
• The allowed IP address (address object) in the Service Control table should match the client IP
address.
• The IP address (address object) in the Service Control table is in the allowed zone and the
action is set to accept.
• The to-ZyWALL firewall rules allow this traffic.
The following example is used to check that administrators and users are allowed to access the
ZyWALL from the WAN using HTTPs.
6.1.1 Check Service Control
Click Configuration > System > WWW.
1
ZyWALL USG 20-2000 User's Guide
C
H A PT ER

Maintenance

6
125