ZyXEL Communications ZyWALL USG 20 User Manual

ZLD 2.21 Support Notes

ZyWALL USG 20/20W/50
ZLD 2.21 Support Notes
Revision 1.00
August, 2010
Written by CSO

Summary of Contents for ZyXEL Communications ZyWALL USG 20

  • Page 1 ZyWALL USG 20/20W/50 ZLD 2.21 Support Notes Revision 1.00 August, 2010 Written by CSO...
  • Page 2: Table Of Contents

    6.1 Application Scenario ... 45
    6.2 Configuration Guide ... 46
    Scenario 7 — Reserving Highest Bandwidth Management Priority for VoIP Traffic ... 55
    7.1 Application Scenario ... 55
    7.2 Configuration Guide ... 56
    All contents copyright (c) 2010 ZyXEL Communications Corporation.
  • Page 3

    10.3 Configuration Guide ... 79
    Scenario 11 — Quick Setup for Allowing WLAN Users to Access LAN Services (USG 20W only) ... 86
    11.1 Application Scenario ... 86
    11.2 Configuration Guide ... 87
  • Page 4: Scenario 1 - Connecting Your USG to the Internet

    WAN and 3G backup through USB. This means that the USG will normally use the PPPoE interface for Internet access, and it will only resort to the 3G interface when the PPPoE interface’s connection fails.
  • Page 5: Configuration Guide

    ZLD configuration ZyNOS configuration Step 1. Click CONFIGURATION > Object > ISP Account to create an ISP account first. Step 1. Click Network > WAN > WAN1 to open the configuration screen.
  • Page 6 Step 3. Click the Apply button to save and apply the setting. Step 3. Click CONFIGURATION > Network > Interface > PPP to open the configuration page. User can click the system default rule and edit it.
  • Page 7 Step 5. When the configuration is done, click the Connect button to enable the PPPoE link. Once the connection is established, the connected icon will be displayed in front of the rule.
  • Page 8 Access Point Name (APN); PIN code; Phone number (enter *99# if not sure what number to fill in). Step 7. Click CONFIGURATION > Network > Interface > Cellular to open the configuration page.
  • Page 9 WAN > General page to select the Active/Passive Mode to achieve the backup mechanism. Step 9. After the configuration is done, click Activate to enable the rule. And then click Connect button to enable the 3G connection.
  • Page 10 Step 11. Now both the PPPoE and 3G connection are UP. Click on CONFIGURATION > Network > Interface > Trunk to open the configuration screen. Step 12. Click the Add button to add a User Configuration rule.
  • Page 11 Active and 3G for Passive mode. Step 14. Select the User Configured Trunk rule as the default WAN trunk. Then it will work using PPPoE as primary and 3G as a backup connection.
  • Page 12: Scenario 2 - WAN Load Balancing and Customized Usage of WAN Connection for Specific Traffic (USG 50 Only)

    The outbound traffic sessions will be assigned to WAN1 and WAN2 according to their proportional weights. E.g., when there’s total outbound traffic of 900K, 600K will be sent out over WAN1 and 300K will be sent out over WAN2.
  • Page 13 The interface with the least outbound traffic utilization ratio will be used to send the next new session. Take the following for example: Interface Available Current measured Utilization Bandwidth Traffic Ratio WAN1 600K WAN1_ppp 512K 256K WAN2 1.6M The next outbound new session will be sent over WAN1_ppp.
  • Page 14: Customized Usage of WAN Connection for Specific Traffic Type

    ITSP (VoIP provider). Therefore, network administrator can set the gateway to send VoIP traffic out over WAN1. Both ZyNOS ZyWALL and USG ZyWALL can achieve this application by Policy Route.
  • Page 15: Application Scenario

    WAN2 PPPoE connection. Network administrator also wants HTTP traffic sent over WAN2 PPPoE connection primarily. In case WAN2 PPPoE is down, LAN users can still surf internet over WAN1. For all other types of traffic, administrator needs the two WAN connections to share the outbound traffic load, performing load balancing.
  • Page 16: Configuration Guide

    Go to CONFIGURATION > Object > ISP Account, add a PPPoE account: primarily from WAN1, and WAN2 as backup. Criteria: Application: SIP Source: Choose LAN interface. Address range: 192.168.1.0~192.168.1.255 Destination: Any. Action Applies to: Matched packets. Routing Action:
  • Page 17 Please enable SIP ALG to let this policy route apply to all VoIP traffic including both SIP signaling and RTP (voice data). Go to Advanced > ALG, enable SIP ALG. setting WAN2_ppp as Passive mode.
  • Page 18 Action Applies to: Matched packets. Routing Action: Choose WAN interface WAN2, and enable Use another interface when the specified WAN interface is not available. c. Use SYSTEM_DEFAULT_WAN_TRUNK to do load balancing for all other traffic.
  • Page 19 Please note that to make sure this policy route applies to all VoIP traffic, including both the SIP signaling and RTP (voice data), we need to enable SIP ALG. Go to Configuration > Network > ALG, enable SIP ALG.
  • Page 20 ZyXEL – ZyWALL USG Support Notes b. Add a policy route for HTTP traffic: Source: LAN1_subnet Destination: Any Service: HTTP Next Hop: Select the newly created WAN trunk WAN_Trunk_HTTP.
  • Page 21 For all other traffic, use SYSTEM_DEFAULT_WAN_TRUNK to do load balancing. Go to Configuration > Network > Interface > Trunk. Click Show Advanced Settings. Make sure Default SNAT is enabled. Select SYSTEM_DEFAULT_WAN_TRUNK in Default Trunk Selection.
  • Page 22: Scenario 3 - How to Configure NAT if You Have Internet-Facing Public Servers

    NAT mapping rule to forward the traffic from Internet side to intranet side. This feature not only ensures service availability but also helps avoid exposing the server’s real IP address to attack.
  • Page 23: Configuration Guide

    User Tom can access the internal FTP server by accessing the Internet-facing WAN IP address. ZLD configuration ZyNOS configuration Step 1. Click CONFIGURATION > Network > NAT to open the configuration screen. Step 1. Click ADVANCED > NAT > Port Forwarding to open the configuration screen.
  • Page 24 Step 4. The port forwarding rule enables delivery of the access request from WAN to the internal network, but the user still needs to configure access privileges by adjusting the firewall rule. By default all WAN to LAN access is dropped.
  • Page 25 After this configuration, user can access the FTP server from WAN side. Step 6. User can create an address object for the internal FTP server for further configuration usage. Click Create new Object for this function.
  • Page 26 Destination IP address is the FTP server’s address. Select FTP service (with port 20/21) to be enabled. Select the allow action for matched packets. After this configuration, user can access the FTP server from WAN side.
  • Page 27: Scenario 4 - Secure Site-to-Site Connections Using IPSec VPN

    The USG can provide secure site-to-site access between remote locations and corporate resources through the Internet. Using IPSec VPN, companies can secure connections to branch offices, partners and headquarters as the illustration below.
  • Page 28: Configuration Guide

    Encryption Algorithm: 3DES; Authentication Algorithm: SHA1; Authentication Algorithm: MD5; Perfect Forward Secrecy: None; Key Group: DH1. Goal to achieve: Build up the IPSec VPN tunnel between USG-50 and ZyWALL-5 UTM with the above configuration.
  • Page 29 Encryption algorithm; ID Type setting (Local and Peer side); Authentication algorithm; Configure the IKE proposal; Key Group; Negotiation mode; Encryption algorithm; Authentication algorithm; Key Group
  • Page 31 Encapsulation mode; Phase-2 settings; Active protocol; Active protocol; Encryption algorithm; Encapsulation mode; Authentication algorithm; Encryption algorithm; Perfect Forward Secrecy; Authentication algorithm; Perfect Forward Secrecy
  • Page 33 Click the Connect button to enable the VPN tunnel. Step 7. After the VPN tunnel is established, user can find the SA information on SECURITY > VPN > SA Monitor.
  • Page 34 VPN link. Once the tunnel is established, a connected icon will be displayed in front of the rule. Step 8. When the VPN tunnel is established, user can find the SA information on MONITOR > VPN MONITOR > IPSec.
  • Page 35: Scenario 5 - Secure Client-to-Site Connections Using IPSec VPN

    Road warriors and telecommuters can use SSL or L2TP VPN to safely access the company network without having to install VPN software. ZyWALL USG Series provides a flexible and easy way to enable mobile employees, vendors and partners to confidentially access your network resource for better efficiency.
  • Page 36: Configuration Guide

    Authentication Algorithm: MD5; Perfect Forward Secrecy: None; Key Group: DH1. Goal to achieve: Build up an IPSec VPN tunnel for mobile user’s dynamic access to USG-50 or ZyWALL-5 UTM with the above configuration.
  • Page 37 Pre-Shared Key; Authentication algorithm; ID Type setting (Local and Peer side); Key Group; Configure the IKE proposal; Negotiation mode; Encryption algorithm; Authentication algorithm; Key Group
  • Page 39 Active protocol; Encapsulation mode; Encapsulation mode; Active protocol; Encryption algorithm; Encryption algorithm; Authentication algorithm; Authentication algorithm; Perfect Forward Secrecy; Perfect Forward Secrecy
  • Page 41 Step 6. After setting up the network policy, user can see the IPSec VPN configuration is complete. Note that the destination is Any. Step 7. Start the ZyXEL IPSec VPN Client. Fill in the Phase-1 configuration.
  • Page 42 Step 7. Start the ZyXEL IPSec VPN Client. Fill in the Phase-1 configuration. Step 8. Configure the phase-2 parameters. Note that the USG series does not support the “Config Mode” in phase-1 advanced setting, thus users must avoid selecting it when performing configuration.
  • Page 43 Step 8. Configure the phase-2 parameters. Step 9. Because it is a dynamic rule, user MUST enable it from the VPN client. Click Open Tunnel to enable it. The icon will change to green if established successfully.
  • Page 44 Click Open Tunnel to enable it. The icon will change to green if established successfully. Step 10. When the VPN tunnel is established, user can find the SA information on MONITOR > VPN MONITOR > IPSec.
  • Page 45: Scenario 6 - Deploying SSL VPN for Tele-Workers to Access Company Resources (USG 50 Only)

    NOTE: USG 50 supports RDP, VNC, WEB link application and SSL VPN full tunnel, but doesn’t support SSL VPN file-share and OWA applications so far. If the remote clients want to use file-share and OWA through SSL VPN, they can use SSL VPN full tunnel mode (Security Extender) as a workaround.
  • Page 46: Configuration Guide

    1) Tom in tele-admin group can VNC to the internal server 192.168.1.5 by SSL VPN application. 2) Chris in sales group can access company fileshare resources in the LAN subnet through SSL VPN full tunnel.
  • Page 47 Step 1. Create two local user accounts for Tom and Chris on USG50. ZyNOS ZyWALL does not support SSL VPN. Go to Configuration > Object > User/Group, add two local user accounts for Tom and Chris:
  • Page 48 Step 2. Go to Configuration > Object > Address. Add an IP address pool for the SSL VPN full tunnel mode access (Security Extender). Step 3. Go to Configuration > Object > SSL Application. Create an SSL application object for the VNC server.
  • Page 49 Step 4. Go to Configuration > VPN > SSL VPN. Add an SSL VPN rule for Tom to access. Allow the user “Tom” to access this rule. Add the VNC application to SSL Application.
  • Page 50 Allow the user “Chris” to access this rule. Enable Network Extension, assign the address pool for SSL VPN clients, and select the USG internal network to allow SSL VPN clients to access.
  • Page 51 Open the USG login page. Make sure Java is installed and enabled in your browser. Use user “Tom” to log into SSL VPN. NOTE: To use the SSL VPN RDP application, user must use IE.
  • Page 52 SSL VPN is established. You can see the VNC server on the VPN portal. User can just click on the VNC application and access the VNC server. Input the correct password for VNC login, and click OK, the VNC connection will be established.
  • Page 53 Open the USG login page. Make sure Java is installed and enabled in your browser. Use user “Chris” to log into SSL VPN. Full tunnel SSL VPN (Security Extender) will be established.
  • Page 54 The client can access the LAN resources by their private IP’s as if he were in the same local network with the LAN hosts. In this example, the user can access the file share server in USG LAN subnet.
  • Page 55: Scenario 7 - Reserving Highest Bandwidth Management Priority for VoIP Traffic

    Management (BWM) function to effectively manage bandwidth according to different flexible criteria. VoIP traffic is quite sensitive to delay and jitter. Therefore, in an enterprise company, VoIP traffic should usually be awarded the highest priority over all other types of traffic.
  • Page 56: Configuration Guide

    Step 1. Go to Advanced > ALG, enable SIP ALG. (If you want to use BWM to manage VoIP traffic, SIP ALG must be enabled.) Step 1. Go to Configuration > Network > ALG, enable SIP ALG.
  • Page 57 SIP traffic bandwidth usage statistics. Step 3. Go to Advanced > BW Management > Class Setup. Add Sub-Class under interface WAN1 to manage upload traffic. NOTE: You need to register IDP/App Patrol license to use App Patrol.
  • Page 58 Step 1. Go to Configuration > Network > ALG, enable SIP ALG. (Priority order: 7~1 — Highest ~ Lowest) Enable Bandwidth Filter. Service: SIP Destination: Any Source: LAN subnet Step 2. Go to Configuration > BWM, enable BWM.
  • Page 59 300Kbps in both download and upload directions. Download bandwidth budget: 300kbps. Priority: 7. (Priority order: 7~1 — Highest ~ Lowest) Enable Bandwidth Filter. Service: SIP Destination: LAN subnet Source: Any
  • Page 60 Step 4. Create a bandwidth management rule and configure Configure the rule as from WAN to LAN1 Configure the rest identically to the above rule
  • Page 61: Scenario 8 - Reserving Highest Bandwidth Management Priority for a Superior User and Control Session per Host

    Internet traffic, and guarantee a minimum bandwidth for his traffic. During the office hours, to prevent any user consuming too much of the company’s bandwidth, the network administrator should limit the number of sessions each user may use.
  • Page 62: Configuration Guide

    Step 1. Go to Configuration > Object > Address, add an address object for the manager. manager_IP: 192.168.1.50 the scheduler to Priority-Based. Enable Maximize Bandwidth Usage. Enable BWM on LAN. Set speed to 2000kbps (download bandwidth). Set the scheduler to Priority-Based. Enable Maximize Bandwidth Usage.
  • Page 63 Enable Bandwidth Filter. Input Start Time and Stop Time, and choose the weekdays. Service: choose Custom; Destination Address: Any; Destination Port: 80(HTTP); Source Address: manager’s IP 192.168.1.50; Source Port: Any; Protocol ID: 6(TCP)
  • Page 64 Enable Bandwidth Filter. Service: choose Custom; Destination Address: manager’s IP 192.168.1.50; Destination Port: Any; Source Address: Any; Source Port: 80(HTTP); Protocol ID: 6(TCP). Step 4. Configuration > App Patrol > Common. Edit the application “http”.
  • Page 65 (download), and assign a bandwidth of 100kbps for outbound traffic (upload). For the definition of Inbound and Outbound, please refer to the App Patrol BWM Direction NOTE below. Set priority as the highest —1. Enable Maximize Bandwidth Usage.
  • Page 66 Inbound and Outbound. The direction Inbound and Outbound are determined with the traffic session initiation direction as reference. Inbound: From session responder to session initiator Outbound: From session initiator to session responder.
  • Page 67 Go to Configuration > Firewall > Session Limit. Enable Session Limit, and set Default Session per Host to 1000. Administrator can adjust this value according to his real network environment.
  • Page 68 Step 1. Go to Configuration > Object > Address, Add an address object for the manager. manager_IP: 192.168.1.50 Step 2. Go to Configuration > Object > Schedule. Add one recurring schedule object.
  • Page 69 Input Start Time and Stop Time, and choose the weekdays. Step 3. Go to Configuration > BWM. Add a policy to manage the manager’s http traffic bandwidth.
  • Page 70 300kbps for inbound traffic (download), and assign a bandwidth of 100kbps for outbound traffic (upload). Set priority as the highest 1. Enable Maximize Bandwidth Usage.
  • Page 71: Scenario 9 - Using ZyWALL to Control Popular P2P Applications (USG 50 Only)

    Patrol function can examine passing traffic in real time, detect traffic service type, and take corresponding actions according to the configuration in App Patrol. For example, to improve network productivity efficiency, network administrator can set App Patrol to block P2P traffic in office hours, and limit its speed with bandwidth management out of office hours.
  • Page 72: Configuration Guide

    In Active option, check all the traffic to LAN, DMZ and WAN check boxes to have the IM/P2P traffic between LAN zone users and the remote users under control. c. Click the Apply button to save the above settings.
  • Page 73 IDP/App Patrol license. Step 2. Control Thunder application. Enable Application Patrol, and enable BWM. a. In IDP->Signature, click on Switch to query view to search for the specified signatures and set them up optionally.
  • Page 74 Step 3. Switch to Configuration > App Patrol > Peer to Peer. Edit the P2P services you need to control. In this example, we will edit the thunder application. b. Use the “Thunder” keyword to search for and list any signatures related to “thunder”.
  • Page 75 Assign the lowest priority —7 for it. blocking the Thunder packets by selecting Drop Packet in the Action field. Also remember to check the Active check box to activate the signatures.
  • Page 76 We can enable Log to check which user tries to violate the rule. Check the created policies. Make sure their order lists as below: NOTE: You need to register an IDP license to use the IDP function.
  • Page 77: Scenario 10 - Deploying Content Filtering to Manage Employee Browsing Behavior

    These unsafe websites should also be avoided. So the network administrator needs to make policies to prevent these undesirable types of browsing. ZyXEL Content Filtering service, including its Safe Browsing service, is tailored to help network administrator to handle these requirements.
  • Page 78: Introduction to ZSB (ZyXEL Safe Browsing)

    At other times outside of office hours, the restrictions for employees can be removed. The employees may access all websites except for unsafe websites.
  • Page 79: Configuration Guide

    Enable External Database Content Filtering and set the action for matched web pages to “Block and Log”. Enter the message to display when a website is blocked. E.g. “This website is restricted. Please contact administrator.”
  • Page 80 Step 2. Go to SECURITY > CONTENT FILTER > Policy. Insert an access policy. Step 3. Go to Configuration > Anti-X > Content Filter > Filter Profile. Add a profile.
  • Page 81 Set action When Category Server is Unavailable to “Warn and Log”. Check all the unsafe categories, and leave all the managed categories as unchecked. Click the External icon to edit the external categories.
  • Page 82 Set action for Unrated Web Pages to “Warn and Log”. Set action When Category Server is Unavailable to “Warn and Log”. Check all the unsafe categories. Check the managed categories that you don’t want employees to surf during office hours.
  • Page 83 Add an access policy for all the crew outside of office hours. Schedule: none. Address: select the address object LAN subnet. Filter Profile: select the profile “allow_all_websites” created in the Profile page. User/Group: Any
  • Page 84 Filter Profile: select the “for_employee” profile created in the Profile page. User/Group: Any Add an access policy for the manager. Schedule: none (all the time) Address: manager’s IP address Filter Profile: select the profile “allow_all_websites” created in Profile page.
  • Page 85 Check the created policies. Make sure their order lists as below:
  • Page 86: Scenario 11 - Quick Setup for Allowing WLAN Users to Access LAN Services (USG 20W Only)

    WLAN to LAN and also from LAN to WLAN. To streamline the configuration process, the administrator can simply relocate the WLAN users and the server on LAN side into the same security group to give them identical properties. The steps below will show you how to realize this.
  • Page 87: Configuration Guide

    ZLD configuration ZyNOS configuration Step 1. Click WIRELESS > Wi-Fi > Wireless Card to open the configuration screen. Step 1. Click CONFIGURATION > Network > Interface > WLAN to open the configuration screen.
  • Page 88 Step 3. Configure this SSID to belong to the LAN zone. With both the WLAN users and the LAN server belonging to the same security zone, the WLAN users will be able to access the LAN service even without modifying the firewall policy.

This manual is also suitable for:

ZyWALL USG 50, ZyWALL USG 2000
