ZyXEL Communications 200 Series User Manual

ZyWALL USG 100/200 Series
Unified Security Gateway
User's Guide
Version 2.10, 5/2008, Edition 1

DEFAULT LOGIN
LAN1 Port: P4
IP Address: http://192.168.1.1
User Name: admin
Password: 1234
www.zyxel.com

Summary of Contents for ZyXEL Communications 200 Series

  • Page 3: About This User's Guide

    It is recommended you use the web configurator to configure the ZyWALL. See also the Web Configurator Online Help; the chapter giving an overview of features available on the ZyWALL; the chapter on web browser requirements and an introduction to the main...; and the wizard chapter if you're using the wizards for first time setup and you want...
  • Page 4 Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw
  • Page 5: Document Conventions

    "k" for kilo may denote "1000" or "1024", "M" for mega may denote "1000000" or "1048576" and so on. "e.g.," is a shorthand for "for instance", and "i.e.," means "that is" or "in other words".
  • Page 6 Icons Used in Figures: Figures in this User's Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device. Icons: ZyWALL, Server, Switch, Computer, Notebook computer, Firewall, Telephone, Router.
  • Page 7: Safety Warnings

    Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device. This product is recyclable. Dispose of it properly.
  • Page 9: Table Of Contents

    SSL User Screens ... 395 SSL User Application Screens ... 401 SSL User File Sharing ... 403 L2TP VPN ... 409 L2TP VPN Example ... 415 Application Patrol ... 441 Application Patrol ... 443 (Contents Overview)
  • Page 10 Maintenance, Troubleshooting, & Specifications ... 703 File Manager ... 705 Logs ... 715 Reports ... 727 Diagnostics ... 741 Reboot ... 743 Troubleshooting ... 745 Product Specifications ... 749 Appendices and Index ... 757
  • Page 11: Table Of Contents

    2.3.2 SSL VPN Network Access ... 61 2.3.3 User-Aware Access Control ... 62 2.3.4 Multiple WAN Interfaces ... 62 2.3.5 Device HA ... 63 Chapter 3 Web Configurator ... 65
  • Page 12 4.8.7 VPN Advanced Wizard - Phase 2 ... 105 4.8.8 VPN Advanced Wizard - Summary ... 106 4.8.9 VPN Advanced Wizard - Finish ... 106 Chapter 5 Configuration Basics ... 109 5.1 Object-based Configuration ... 109
  • Page 13 6.1.1 How to Configure a WAN Ethernet Interface ... 125 6.1.2 How to Configure the OPT Interface for a Local Network ... 126 6.1.3 How to Configure Port Roles ... 128 6.2 How to Configure a Cellular Interface ... 129
  • Page 14 7.1.1 What You Can Do in the Status Screens ... 171 7.2 The Status Screen ... 171 7.2.1 The CPU Usage Screen ... 175 7.2.2 The Memory Usage Screen ... 176 7.2.3 The Session Usage Screen ... 177
  • Page 15 10.5.2 Interface Wizard: WAN Type ... 215 10.5.3 Interface Wizard: Non-WAN OPT Interface Setup ... 215 10.5.4 Interface Wizard: WAN Zone and IP Address Assignment ... 216 10.5.5 Interface Wizard: WAN ISP Connection Settings ... 217
  • Page 16 12.1.2 What You Need to Know About Policy and Static Routing ... 278 12.2 Policy Route Screen ... 279 12.2.1 Policy Route Edit Screen ... 281 12.3 IP Static Route Screen ... 283 12.3.1 Static Route Add/Edit Screen ... 284
  • Page 17 16.3 NAT 1:1 and NAT Loopback Examples ... 313 Chapter 17 HTTP Redirect ... 321 17.1 Overview ... 321 17.1.1 What You Can Do in the HTTP Redirect Screens ... 321
  • Page 18 20.2.1 The VPN Connection Add/Edit (IKE) Screen ... 355 20.2.2 The VPN Connection Add/Edit Manual Key Screen ... 360 20.3 The VPN Gateway Screen ... 363 20.3.1 The VPN Gateway Add/Edit Screen ... 364 20.4 The VPN Concentrator Screen ... 369
  • Page 19 24.3.2 Saving a File ... 405 24.4 Creating a New Folder ... 406 24.5 Renaming a File or Folder ... 406 24.6 Deleting a File or Folder ... 407 24.7 Uploading a File ... 408
  • Page 20 27.5 Application Patrol Statistics ... 462 27.5.1 Application Patrol Statistics: General Setup ... 462 27.5.2 Application Patrol Statistics: Bandwidth Statistics ... 463 27.5.3 Application Patrol Statistics: Protocol Statistics ... 464 Part VI: Anti-X ... 467
  • Page 21 29.8.1 Creating or Editing a Custom Signature ... 501 29.8.2 Custom Signature Example ... 505 29.8.3 Applying Custom Signatures ... 508 29.8.4 Verifying Custom Signatures ... 508 29.9 IDP Technical Reference ... 509
  • Page 22 32.3 Web Site Submission ... 556 Chapter 33 Anti-Spam ... 559 33.1 Overview ... 559 33.1.1 What You Can Do in the Anti-Spam Screens ... 559 33.1.2 What You Need to Know About Anti-Spam ... 559
  • Page 23 35.1.2 What You Need To Know About User/Groups ... 593 35.2 User Summary Screen ... 595 35.2.1 User Add/Edit Screen ... 596 35.3 User Group Summary Screen ... 598 35.3.1 Group Add/Edit Screen ... 598 35.4 Setting Screen ... 599
  • Page 24 39.1.4 What You Can Do Using The AAA Screens ... 626 39.1.5 What You Need To Know About AAA Servers ... 626 39.2 Active Directory or LDAP Default Server Screen ... 627 39.2.1 Configuring Active Directory or LDAP Default Server Settings ... 628
  • Page 25 42.1.3 Example: Specifying a Web Site for Access ... 657 42.2 The SSL Application Screen ... 658 42.2.1 Creating/Editing a Web-based SSL Application Object ... 659 42.2.2 Creating/Editing a File Sharing SSL Application Object ... 660 Part IX: System ... 663
  • Page 26 43.9.1 Configuring FTP ... 695 43.10 SNMP ... 696 43.10.1 Supported MIBs ... 697 43.10.2 SNMP Traps ... 697 43.10.3 Configuring SNMP ... 698 43.11 Dial-in Management ... 699 43.11.1 Configuring Dial-in Mgmt ... 699
  • Page 27 46.5 The IDP Report Screen ... 733 46.6 The Anti-Spam Report Screen ... 735 46.7 The Email Daily Report Screen ... 737 Chapter 47 Diagnostics ... 741 47.1 The Diagnostics Screen ... 741
  • Page 28 Appendix C Displaying Anti-Virus Alert Messages in Windows ... 819 Appendix D Importing Certificates ... 825 Appendix E Wireless LANs ... 831 Appendix F Open Software Announcements ... 845 Appendix G Legal Information ... 873 Appendix H Customer Support ... 877 Index ... 883
  • Page 29: List Of Figures

    Figure 35 VPN Express Wizard: Step 2 ... 96 Figure 36 VPN Express Wizard: Step 3 ... 97 Figure 37 VPN Express Wizard: Step 4 ... 98 Figure 38 VPN Express Wizard: Step 6 ... 99
  • Page 30 Figure 79 VPN > IPSec VPN > VPN Gateway > Add ... 145 Figure 80 Object > Address > Address > Add ... 145 Figure 81 VPN > IPSec VPN > VPN Connection > Add ... 146
  • Page 31 Figure 122 Device HA > General: Master ZyWALL Example ... 166 Figure 123 Public Server Example Network Topology ... 167 Figure 124 Creating the Address Object for the HTTP Server's Private IP Address ... 167
  • Page 32 Figure 164 Interface > Cellular > Status ... 231 Figure 165 Example of a Wireless Network ... 233 Figure 166 Network > Interface > WLAN ... 234 Figure 167 Network > Interface > WLAN > Add (No Security) ... 237
  • Page 33 Figure 207 Network > Zone > Edit ... 301 Figure 208 Network > DDNS ... 304 Figure 209 Network > DDNS > Add ... 305 Figure 210 Network > DDNS > Status ... 308
  • Page 34 Figure 251 VPN > IPSec VPN > VPN Connection ... 353 Figure 252 VPN > IPSec VPN > VPN Connection > Edit (IKE) ... 356 Figure 253 VPN > IPSec VPN > VPN Connection > Manual Key > Edit ... 361
  • Page 35 Figure 292 File Sharing: Rename ... 407 Figure 293 File Sharing: Delete Prompt ... 407 Figure 294 File Sharing: File Upload ... 408 Figure 295 L2TP VPN Overview ... 409 Figure 296 Policy Route for L2TP VPN ... 410
  • Page 36 Figure 336 IP Security Policy Properties: IP Filter List > Add ... 432 Figure 337 Filter Properties: Addressing ... 433 Figure 338 Filter Properties: Protocol ... 433 Figure 339 IP Security Policy Properties: IP Filter List ... 434
  • Page 37 Figure 379 Anti-X > IDP > General > Add ... 487 Figure 380 Base Profiles ... 488 Figure 381 Anti-X > IDP > Profile ... 489 Figure 382 Anti-X > IDP > Profile > Edit: Group View ... 491
  • Page 38 Figure 423 Anti-X > Anti-Spam > General > Add ... 563 Figure 424 Anti-X > Anti-Spam > Black/White List > Black List ... 565 Figure 425 Anti-X > Anti-Spam > Black/White List > Black List (or White List) > Add ... 566
  • Page 39 Figure 466 Object > AAA Server > Active Directory (or LDAP) > Group > Add ... 630 Figure 467 Object > AAA Server > RADIUS > Default ... 631 Figure 468 Object > AAA Server > RADIUS > Group ... 632
  • Page 40 Figure 508 Personal Certificate Import Wizard 4 ... 687 Figure 509 Personal Certificate Import Wizard 5 ... 688 Figure 510 Personal Certificate Import Wizard 6 ... 688 Figure 511 Access the ZyWALL Via HTTPS ... 688
  • Page 41 Figure 551 Maintenance > Report > Anti-Spam: Sender IP ... 736 Figure 552 Maintenance > Report > Email Daily Report ... 738 Figure 553 Maintenance > Diagnostics ... 741 Figure 554 Maintenance > Reboot ... 743
  • Page 42 Figure 575 Peer-to-Peer Communication in an Ad-hoc Network ... 831 Figure 576 Basic Service Set ... 832 Figure 577 Infrastructure WLAN ... 833 Figure 578 RTS/CTS ... 834 Figure 579 WPA(2) with RADIUS Application Example ... 841 Figure 580 WPA(2)-PSK Authentication ... 842
  • Page 43: List Of Tables

    Table 34 Status > Memory Usage ... 177 Table 35 Status > Session Usage ... 178 Table 36 Status > VPN Status ... 179 Table 37 Status > DHCP Table ... 180 Table 38 Status > Port Statistics ... 181
  • Page 44 Table 78 Example: Routing Table Before and After Bridge Interface br0 Is Created ... 256 Table 79 Network > Interface > Bridge ... 256 Table 80 Network > Interface > Bridge > Add ... 259 Table 81 Network > Interface > Auxiliary ... 262
  • Page 45 Table 121 VPN > IPSec VPN > Concentrator > Edit ... 370 Table 122 VPN > IPSec VPN > SA Monitor ... 372 Table 123 VPN Example: Matching ID Type and Content ... 376 Table 124 VPN Example: Mismatching ID Type and Content ... 376
  • Page 46 Table 164 Anti-X > ADP > General ... 515 Table 165 Anti-X > ADP > General > Add ... 516 Table 166 Base Profiles ... 517 Table 167 Anti-X > ADP > Profile ... 517
  • Page 47 Table 207 Object > Service > Service Group > Edit ... 617 Table 208 Object > Schedule ... 620 Table 209 Object > Schedule > Edit (One Time) ... 621 Table 210 Object > Schedule > Edit (Recurring) ... 622
  • Page 48 Table 250 Maintenance > File Manager > Firmware Package ... 711 Table 251 Maintenance > File Manager > Shell Script ... 713 Table 252 Specifications: Logs ... 715 Table 253 Maintenance > Log > View Log ... 716
  • Page 49 Table 292 Sessions Limit Logs ... 787 Table 293 Policy Route Logs ... 787 Table 294 Built-in Services Logs ... 788 Table 295 System Logs ... 791 Table 296 Connectivity Check Logs ... 796
  • Page 50 Table 308 Commonly Used Services ... 815 Table 309 IEEE 802.11g ... 835 Table 310 Wireless Security Levels ... 836 Table 311 Comparison of EAP Authentication Types ... 839 Table 312 Wireless Security Relational Matrix ... 842
  • Page 51: Getting Started

    Getting Started: Introducing the ZyWALL (53), Features and Applications (57), Web Configurator (65), Configuration Basics (109), Tutorials (125), Status (171), Registration (185), Signature Update (191)
  • Page 53: Introducing The ZyWALL

    Configure the ZyWALL USG 200's OPT Gigabit Ethernet port as a third WAN port, an additional LAN1, WLAN, or DMZ port, or a separate network. 1.2 Front Panel LEDs (Figure 1 ZyWALL USG 200 Front Panel). See Chapter 2 on page 57 for a more detailed overview of the...
  • Page 54: Management Overview

    LED descriptions: This port has a successful link. There is no card in the slot. There is a card in the slot. Flashing: the card in the slot is sending or receiving traffic. ... (see page 55). If the LED turns red again, ...
  • Page 55: Starting And Stopping The ZyWALL

    Rebooting the ZyWALL using the RESET button. A cold start occurs when you turn on the power to the ZyWALL. The ZyWALL powers up, checks the hardware, and starts the system processes. A warm start (without powering down and powering up again) occurs when...
  • Page 56 Power off occurs when you turn off the power to the ZyWALL. The ZyWALL simply turns off. It does not stop the system processes or write cached data to local storage.
  • Page 57: Features And Applications

    The ZyWALL's firewall is a stateful inspection firewall. It restricts access by screening data packets against defined access rules, and it can also inspect sessions: for example, traffic from one zone is not allowed unless it is initiated by a computer in another zone first.
  • Page 58 DNS black list (DNSBL) of IP addresses of servers that are suspected of being used by spammers. See Section 29.6.2 on page 493 for a list of attacks that the ZyWALL can ... and Section 30.3.4 for more on the kinds of attacks that the ZyWALL can ...
  • Page 59: Packet Flow

    Ethernet -> VLAN -> Encap -> ALG -> DNAT -> Routing -> FW -> IDP -> AP -> CF -> AV -> AS -> SNAT -> BWM -> Encap -> VLAN -> Ethernet (FW = firewall, IDP = intrusion detection and prevention, AP = application patrol, CF = content filter, AV = anti-virus, AS = anti-spam, BWM = bandwidth management). Because DNAT runs before Routing and FW, and SNAT runs after them, firewall rules are matched against the translated (post-DNAT) destination address and the untranslated (pre-SNAT) source address.
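The stage order above decides what a firewall rule actually sees. The following is an added example, not code from the guide or from ZyXEL: a toy model of the ALG -> DNAT -> Routing -> FW -> SNAT part of the flow with a session table, so you can see that an inbound virtual-server rule must name the private (post-DNAT) address, that a rule naming the public address is dead, that unsolicited zone-to-zone traffic is denied, and that replies are passed as established without a rule. The addresses, the virtual-server mapping and the rule lists are all constructed for the example.

```python
"""Added example (not ZyXEL code): a toy model of the guide's packet-flow order,
    ALG -> DNAT -> Routing -> FW -> ... -> SNAT,
reduced to the stages that decide what a firewall rule actually sees.
The addresses, the virtual-server rule and the firewall rules are all constructed."""
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    zone_in: str          # zone of the ingress interface

WAN_IP = "203.0.113.10"   # constructed public address of wan1
# Virtual server (DNAT) rule: public 203.0.113.10:80 -> web server on lan1.
DNAT_RULES = {(WAN_IP, 80): "192.168.1.50"}

def route(dst):
    """Toy routing table: the LAN1 subnet, everything else via WAN."""
    return "LAN1" if dst.startswith("192.168.1.") else "WAN"

# Firewall rules: (from zone, to zone, destination or None, dst port or None, action).
# Anything not matched is denied, as for zone-to-zone traffic with no rule.
RULES_OK = [
    ("WAN", "LAN1", "192.168.1.50", 80, "allow"),   # written against the POST-DNAT address
    ("LAN1", "WAN", None, None, "allow"),
]
RULES_WRONG = [
    ("WAN", "LAN1", WAN_IP, 80, "allow"),            # public address: never matches after DNAT
    ("LAN1", "WAN", None, None, "allow"),
]

class Gateway:
    def __init__(self, rules):
        self.rules = rules
        # session table: post-NAT forward tuple -> (original src, original dst)
        self.sessions = {}

    def _lookup(self, pkt, zone_out):
        for frm, to, dst, port, action in self.rules:
            if (frm, to) == (pkt.zone_in, zone_out) and dst in (None, pkt.dst) and port in (None, pkt.dport):
                return action
        return "deny"

    def process(self, pkt):
        """Return (verdict, packet as it leaves the box, list of stages taken)."""
        trace = []
        # Reply to an existing session: the NAT stage undoes the forward translation and
        # the stateful FW passes it without consulting the rules (the "inspect sessions" case).
        key = (pkt.dst, pkt.src, pkt.dport, pkt.sport)
        if key in self.sessions:
            orig_src, orig_dst = self.sessions[key]
            pkt = replace(pkt, src=orig_dst, dst=orig_src)
            trace += ["NAT:reverse", "ROUTE:" + route(pkt.dst), "FW:established"]
            return "allow", pkt, trace
        orig_src, orig_dst = pkt.src, pkt.dst
        # DNAT runs before routing and the firewall.
        if (pkt.dst, pkt.dport) in DNAT_RULES:
            pkt = replace(pkt, dst=DNAT_RULES[(pkt.dst, pkt.dport)])
            trace.append("DNAT")
        zone_out = route(pkt.dst)
        trace.append("ROUTE:" + zone_out)
        # The firewall therefore matches the translated destination and the untranslated source.
        verdict = self._lookup(pkt, zone_out)
        trace.append("FW:" + verdict)
        if verdict != "allow":
            return "deny", pkt, trace
        # SNAT runs after the firewall (IDP/AP/CF/AV/AS/BWM stages are omitted here).
        if zone_out == "WAN":
            pkt = replace(pkt, src=WAN_IP)
            trace.append("SNAT")
        self.sessions[(pkt.src, pkt.dst, pkt.sport, pkt.dport)] = (orig_src, orig_dst)
        return "allow", pkt, trace

def demo():
    """Run the four cases a practitioner cares about and return their results."""
    gw = Gateway(RULES_OK)
    inbound = gw.process(Packet("198.51.100.7", WAN_IP, 40000, 80, "WAN"))
    reply = gw.process(Packet("192.168.1.50", "198.51.100.7", 80, 40000, "LAN1"))
    unsolicited = gw.process(Packet("198.51.100.7", "192.168.1.20", 40001, 22, "WAN"))
    dead_rule = Gateway(RULES_WRONG).process(Packet("198.51.100.7", WAN_IP, 40000, 80, "WAN"))
    return {"inbound": inbound, "reply": reply, "unsolicited": unsolicited, "dead_rule": dead_rule}

if __name__ == "__main__":
    for name, (verdict, pkt, trace) in demo().items():
        print(f"{name:<12} {verdict:<5} {pkt.src} -> {pkt.dst}:{pkt.dport}  {' > '.join(trace)}")
```

Running the script prints one line per case; the "dead_rule" case is the one to remember when an inbound rule on a real ZyWALL never seems to hit: the firewall stage is already looking at the private address the virtual server substituted.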
  • Page 60: Interface To Interface (To/From ZyWALL)

    Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. You can also set up additional connections to the Internet to provide better service. See Chapter 6 on page 125.
  • Page 61: SSL VPN Network Access

    In full tunnel mode, a virtual connection is created for remote users with private IP addresses in the same subnet as the local network. This allows them to access network resources in the same way as if they were part of the internal network.
  • Page 62: User-Aware Access Control

    Figure 7 Applications: User-Aware Access Control. 2.3.4 Multiple WAN Interfaces: Set up multiple connections to the Internet on the same port, or set up multiple connections on different ports. In either case, you can balance the loads between them.
  • Page 63: Device HA

    Figure 8 Applications: Multiple WAN Interfaces. 2.3.5 Device HA: Set up an additional ZyWALL as a backup gateway to ensure the default gateway is always available for the network. Figure 9 Applications: Device HA.
  • Page 65: Web Configurator

    Open your web browser and go to http://192.168.1.1. By default, the ZyWALL automatically redirects this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
  • Page 66: Figure 10 Login Screen

    The screen above appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore. Otherwise, the main screen (Figure 11 on page 66) appears.
  • Page 67: Web Configurator Main Screen

    D - status bar. 3.3.1 Title Bar: The title bar provides some icons in the upper right corner. ... (Figure 11 on page 66) appears after you click Apply. If you click Ignore, the...
  • Page 68: Navigation Panel

    Use this screen to schedule anti-virus signature updates and to update signature information immediately. Use this screen to schedule IDP signature updates and to update signature information immediately. Use this screen to schedule system-protect signature updates and to update signature information immediately.
  • Page 69 L2TP VPN > L2TP Over IPSec: Use this screen to configure L2TP Over IPSec VPN settings. Session Monitor. ... FUNCTION: Use this screen to see information about all of the ZyWALL's interfaces and their connection status.
  • Page 70 Use these screens to configure (the new) active-passive mode device HA. Use these screens to use legacy mode device HA with other ZyWALLs that already have device HA set up using a firmware version earlier than 2.10.
  • Page 71 Speed, TELNET, SNMP, Dial-in Mgmt. ... FUNCTION: Use this screen to create and manage users. Use this screen to create and manage groups of users. Use this screen to manage default settings for all users, general settings for user sessions, and rules to force user authentication.
  • Page 72: Main Window

    Use this screen to configure where and how to send daily reports and what reports to send. Use this screen to have the ZyWALL collect diagnostic information. Use this screen to restart the ZyWALL. See Chapter 7 on page 171 for more...
  • Page 73: Figure 14 Warning Messages

    Figure 15 CLI Messages. Click Change Display Style to show or hide the index numbers for the commands (the commands are more convenient to copy and paste without the index numbers).
  • Page 74 Click Refresh Now to update the screen. For example, if you just enabled a particular feature, you can look at the commands the web configurator generated to enable it. Close the popup window when you are done with it. See the Command Reference Guide for information about the commands.
  • Page 75: Wizard Setup

    This wizard creates matching ISP account settings in the ZyWALL if you use PPPoE or PPTP. This wizard also creates a WAN trunk. VPN SETUP: Use VPN SETUP to configure a VPN connection. See Section 4.2 and Section 4.5 for how to open the Wizard Setup.
  • Page 76: Installation Setup, One ISP

    Ask your ISP what to enter in each field. Leave a field blank if you don't have that information. Enter the Internet access information exactly as your ISP gave it to you. Figure 17 Internet Access: Step 1.
  • Page 77: Step 1 Internet Access

    4.3.1 Ethernet: Auto IP Address Assignment: If you select Auto as the IP Address Assignment in the previous screen, the following screen displays. Click Next to apply the configuration settings.
  • Page 78: Ethernet: Static IP Address Assignment

    You can click Next and use the following screen to perform a basic registration (see Section 4.4 on page 91). If you want to do a more detailed registration or manage your account details, click myZyXEL.com. Alternatively, click Close to exit the wizard. 4.3.2 Ethernet: Static IP Address Assignment: If you select Static as the IP Address Assignment, the following screen displays.
  • Page 79: Step 2 Internet Access Ethernet

    The ZyWALL applies the configuration settings. 4.3.3 Step 2 Internet Access Ethernet: You do not configure this screen if you selected Auto as the IP Address Assignment in the previous screen.
  • Page 80: Figure 20 Ethernet Encapsulation: Static: Finish

    Finish screen: click Next to perform a basic registration (see Section 4.4 on page 91), click myZyXEL.com for a more detailed registration or to manage your account details, or click Close to exit the wizard.
  • Page 81: PPPoE: Auto IP Address Assignment

    Next: Click Next to continue. The ZyWALL applies the configuration settings. (Field limits on this page: ... characters, and it can be up to 64 characters long; ... characters, and it can be up to 31 characters long.)
  • Page 82: PPPoE: Static IP Address Assignment

    Finish screen: click Next to perform a basic registration (see Section 4.4 on page 91), click myZyXEL.com for a more detailed registration or to manage your account details, or click Close to exit the wizard. 4.3.5 PPPoE: Static IP Address Assignment: If you select Static as the IP Address Assignment, the following screen displays.
  • Page 83: Figure 23 PPPoE Encapsulation: Static

    The ZyWALL uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server. (Field limit: ... characters, and it can be up to 64 characters long.)
  • Page 84: Step 2 Internet Access PPPoE

    DNS Server: The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The ZyWALL uses these (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.
  • Page 85: PPTP: Auto IP Address Assignment

    Alternatively, click Close to exit the wizard. 4.3.7 PPTP: Auto IP Address Assignment: If you select Auto as the IP Address Assignment in the previous screen, the following screen displays.
  • Page 86: Figure 25 PPTP Encapsulation: Auto

    This field is optional and depends on the requirements of your DSL modem. You can use alphanumeric and -_ characters, and it can be up to 31 characters long. This displays the identity of the interface you configure to connect with your ISP.
  • Page 87: Figure 26 PPTP Encapsulation: Auto: Finish

    Finish screen: click Next to perform a basic registration (see Section 4.4 on page 91), click myZyXEL.com for a more detailed registration or to manage your account details, or click Close to exit the wizard.
  • Page 88: PPTP: Static IP Address Assignment

    Type the (static) IP address assigned to you by your ISP. Type the subnet mask assigned to you by your ISP (if given). Type the IP address of the PPTP server.
  • Page 89: Step 2 Internet Access PPTP

    For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your broadband modem or router. (Field limit: ... characters, and it can be up to 31 characters...)
  • Page 90: Step 4 Internet Access - Finish

    Finish screen: click Next to perform a basic registration (see Section 4.4 on page 91), click myZyXEL.com for a more detailed registration or to manage your account details, or click Close to exit the wizard.
  • Page 91: Device Registration

    User Name / Check: If you select existing myZyXEL.com account, only the User Name and Password fields are available. If you haven't created an account at myZyXEL.com, select this option and configure the following fields to create an account and register your ZyWALL.
  • Page 92: Installation Setup, Two Internet Service Providers

    The trial period starts the day you activate the trial. Click Close to exit the wizard. Click Next to save your changes back to the ZyWALL and activate the selected services. See Section 4.2 on page 76.
  • Page 93: Figure 31 Internet Access: Step 1: First WAN Interface

    After you configure the First WAN Interface, you can configure the Second WAN Interface. Click Next to continue. Figure 32 Internet Access: Step 3: Second WAN Interface. After you configure the Second WAN Interface, a summary of configuration settings displays for both WAN interfaces.
  • Page 94: Internet Access Wizard Setup Complete

    Click VPN SETUP in the Wizard Setup Welcome screen (Figure 16 on page 76) to open the following screen. Use it to select which type of VPN settings you want to configure. (See also Section 4.4 on page 91.)
  • Page 95: VPN Wizards

    The VPN connection can be to another ZLD-based ZyWALL or other IPSec devices. 4.7.1 VPN Express Wizard: Click the Express radio button as shown in Figure 34 on page 95 to display the following screen.
  • Page 96: VPN Express Wizard - Remote Gateway

    ... (secure gateway). Use 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address and no domain name. (Name field: ... or dashes (-), but the first character cannot be a ...)
  • Page 97: VPN Express Wizard - Policy Setting

    Remote Policy (IP/Mask): Type the IP address of a computer behind the peer IPSec device. You can also specify a subnet. This must match the local IP address configured on the peer IPSec device.
  • Page 98: VPN Express Wizard - Summary

    4.8.2 VPN Express Wizard - Summary: This summary of VPN tunnel settings is read-only. Name: Identifies the VPN gateway. Secure Gateway: IP address or domain name of the peer IPSec device. Pre-Shared Key: VPN tunnel password.
  • Page 99: VPN Express Wizard - Finish

    Finish screen: click Next to perform a basic registration (see Section 4.4 on page 91), click myZyXEL.com for a more detailed registration or to manage your account details, or click Close to exit the wizard.
  • Page 100: VPN Advanced Wizard

    Both ends of the VPN tunnel must use the same pre-shared key. You will receive a PYLD_MALFORMED (payload malformed) packet if the same pre-shared key is not used on both ends. See Figure 34 on page 95 to display the following screen. (Name field: ... or dashes (-), but the first ...)
  • Page 101: VPN Advanced Wizard - Remote Gateway

    IKE has two phases: phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA (Security Association). Figure 40 VPN Advanced Wizard: Step 3. (Name field: ... or dashes (-), but the first character cannot be a ...)
  • Page 102: VPN Advanced Wizard - Phase 1

    ... 15 seconds, the ZyWALL sends a message to the remote IPSec server. If the remote IPSec server responds, the ZyWALL transmits the data. If the remote IPSec server does not respond, the ZyWALL shuts down the IKE SA. Click Next to continue.
  • Page 103: Figure 41 VPN Advanced Wizard: Step 4

    4.8.6.1 Phase 2 Setting: Phase 2 in IKE uses the SA that was established in phase 1 to negotiate SAs for IPSec. Figure 41 VPN Advanced Wizard: Step 4.
  • Page 104: Table 20 VPN Advanced Wizard: Step 4

    To specify IP addresses on a network by their subnet mask, type the subnet mask of the LAN behind the remote gateway. Select this if you want the ZyWALL to automatically renegotiate the IPSec SA when the SA life time expires. Click Next to continue.
  • Page 105: VPN Advanced Wizard - Phase 2

    Pre-Shared Key: This is a pre-shared key identifying a communicating party during a phase 1 IKE negotiation. Local Policy: This is a (static) IP address and Subnet Mask on the LAN behind your ZyWALL.
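The wizard pages above (Remote Gateway, Policy Setting, Advanced Wizard, Phase 1 and Phase 2) each state a condition the two ends of a tunnel must satisfy: the same pre-shared key on both ends (otherwise phase 1 fails with PYLD_MALFORMED), a remote policy that equals the peer's local policy, a secure gateway that is the peer's address or 0.0.0.0 for a dynamic peer, and phase 1 ID type and content that match (Tables 123 and 124). The following is an added example, not code from the guide or from ZyXEL: a pre-flight check that takes both ends' settings and reports every mismatch before either side is configured. The IpsecSide fields, the names, addresses and key are constructed for the example.

```python
"""Added example (not ZyXEL code): a pre-flight consistency check for the two ends of
a site-to-site IPSec tunnel, covering the mismatches the wizard pages warn about:
different pre-shared keys (phase 1 fails, the guide reports PYLD_MALFORMED), a remote
policy that does not equal the peer's local policy, a secure gateway address that is
not the peer, and peer ID type/content that does not match what the peer presents.
All names, addresses and keys below are constructed."""
import ipaddress
from dataclasses import dataclass, replace

@dataclass
class IpsecSide:
    name: str
    my_address: str        # WAN address this gateway terminates the tunnel on
    secure_gateway: str    # peer's address, or 0.0.0.0 for a peer with a dynamic address
    pre_shared_key: str
    local_policy: str      # network behind this gateway (IP/mask)
    remote_policy: str     # network behind the peer (IP/mask)
    local_id: tuple        # (type, content) this side presents in phase 1
    peer_id: tuple         # (type, content) this side expects from the peer

def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def check_pair(a, b):
    """Return a list of findings; an empty list means the two ends agree."""
    findings = []
    if a.pre_shared_key != b.pre_shared_key:
        findings.append("pre-shared key differs: phase 1 will fail (PYLD_MALFORMED)")
    if a.secure_gateway == "0.0.0.0" and b.secure_gateway == "0.0.0.0":
        findings.append("both ends use 0.0.0.0 as secure gateway: neither end can initiate")
    for x, y in ((a, b), (b, a)):
        # The remote policy on one end must be the local policy on the other (phase 2 selectors).
        if _net(x.remote_policy) != _net(y.local_policy):
            findings.append(f"{x.name}: remote policy {x.remote_policy} != {y.name} local policy {y.local_policy}")
        if _net(x.local_policy).overlaps(_net(x.remote_policy)):
            findings.append(f"{x.name}: local and remote policies overlap")
        # 0.0.0.0 accepts a dynamic peer; any other value must be the peer's own address.
        if x.secure_gateway not in ("0.0.0.0", y.my_address):
            findings.append(f"{x.name}: secure gateway {x.secure_gateway} is not {y.name} ({y.my_address})")
        # Phase 1 ID type and content must match on both sides (guide Tables 123/124).
        if x.peer_id != y.local_id:
            findings.append(f"{x.name}: expects peer ID {x.peer_id} but {y.name} presents {y.local_id}")
    return findings

# Constructed pair of gateways with a consistent configuration.
HQ = IpsecSide("hq", "203.0.113.10", "198.51.100.20", "correct horse battery staple",
               "192.168.1.0/24", "192.168.2.0/24", ("IP", "203.0.113.10"), ("IP", "198.51.100.20"))
BRANCH = IpsecSide("branch", "198.51.100.20", "203.0.113.10", "correct horse battery staple",
                   "192.168.2.0/24", "192.168.1.0/24", ("IP", "198.51.100.20"), ("IP", "203.0.113.10"))

def demo():
    """Return findings for the good pair and for three single-field mistakes on the branch end."""
    return {
        "good": check_pair(HQ, BRANCH),
        "psk": check_pair(HQ, replace(BRANCH, pre_shared_key="Correct Horse Battery Staple")),
        "policy": check_pair(HQ, replace(BRANCH, remote_policy="192.168.1.0/25")),
        "id": check_pair(HQ, replace(BRANCH, local_id=("DNS", "branch.example.com"))),
    }

if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "OK")
```

The check is deliberately symmetric (each end is examined as initiator and as responder), which is also how a mismatched tunnel presents in practice: the log on one box says only that the peer rejected the proposal, and the cause is on the other.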
  • Page 106: VPN Advanced Wizard - Summary

    Copy and paste the Remote Gateway CLI commands into another ZLD-based ZyWALL's command line interface. Click Save to save the VPN rule. 4.8.9 VPN Advanced Wizard - Finish: Now you can use the VPN tunnel.
  • Page 107: Figure 43 VPN Wizard: Step 6: Advanced

    Finish screen: click Next to perform a basic registration (see Section 4.4 on page 91), click myZyXEL.com for a more detailed registration or to manage your account details, or click Close to exit the wizard.
  • Page 109: Configuration Basics

    If you are in a screen that uses objects, you can also usually select Create Object to open a screen where you can configure a new object. For a list of common objects, see ZyWALL USG 100/200 Series User’s Guide Configuration Basics introduces the ZyWALL’s object-based configuration.
  • Page 110: Zones, Interfaces, And Physical Ports

    Port roles combine physical ports into interfaces called port groups. The physical port is where you connect a cable. In configuration, you use physical ports when configuring port roles. You use interfaces and zones in configuring other features. ZyWALL USG 100/200 Series User’s Guide LAN1 WLAN DMZ ext-wlan...
  • Page 111: Default Interface And Zone Configuration

    Table 23 ZyWALL USG 200 Default Port, Interface, and Zone Configuration (columns: Port, Interface, Zone, IP Address and DHCP Settings). Recoverable rows: P1, P2 | wan1, wan2 | WAN | DHCP clients. P4, P5 | lan1 | LAN1 | 192.168.1.1, DHCP server enabled. ext-wlan | WLAN | 10.59.0.1, DHCP server ... Another row reads: None, DHCP server disabled.
  • Page 112: Terminology In The Zywall

    Terminology table (columns: ZyWALL Feature / Term; Suggested Use With Default Settings). Terms listed include VPN gateway, VPN connection, (VPN) concentrator, virtual server and policy route; suggested uses listed include connections to the Internet, protected LAN, wireless access points and public servers (such as web, e-mail...).
  • Page 113: Feature Configuration Overview

    ... VPN tunnel before you can delete the VPN tunnel. Example: This provides a simple example to show you how to configure this feature. The example is usually based on the network topology in ...
  • Page 114: Interface

    VPN > IPSec VPN; you can also use the VPN Setup Wizard, which handles most of the prerequisites for you. Interfaces, certificates (authentication), authentication methods (extended authentication), addresses (local network, remote network, NAT), to-ZyWALL firewall, firewall Policy routes, zones, L2TP VPN
  • Page 115: Ssl Vpn

    5.4.8 Device HA: To increase network reliability, device HA lets a backup ZyWALL automatically take over if a master ZyWALL fails. Menu item(s): Device HA. (... for background information.) A zone is a group of interfaces and...
  • Page 116: Ddns

    Criteria: users, user groups, interfaces (incoming), IPSec VPN (incoming), addresses (source, destination), address groups (source, destination), schedules, services, service groups. Next-hop: addresses (HOST gateway), IPSec VPN, SSL VPN, trunks, interfaces. NAT: addresses (translated address), services and service groups (port triggering).
  • Page 117: Static Routes

    • Leave the Access field set to Allow and the Log field set to No. The ZyWALL checks the firewall rules in order. Make sure each rule is in the correct place in the sequence.
  • Page 118: Application Patrol

    AppPatrol: Registration, zones, schedules, users, user groups, addresses (source, destination), address groups (source, destination). These are only used as criteria in exceptions and conditions. Anti-X > AV: Registration, zones. Anti-X > IDP: Registration, zones.
  • Page 119: Adp

    5.4.19 Virtual Server (Port Forwarding): Use this to change the address and/or port number of packets coming in from a specified interface. This is also known as port forwarding.
  • Page 120: Http Redirect

    The ZyWALL’s Application Layer Gateway (ALG) allows VoIP and FTP applications to go through NAT on the ZyWALL. You can also specify additional signaling port numbers. Menu item(s) and prerequisites: Network > Virtual Server (interfaces, addresses (HOST)); Network > HTTP Redirect (interfaces); Network > ALG.
  • Page 121: Objects

    Menu item(s): Object > User/Group. Prerequisites: addresses, address groups, schedules. The prerequisites are only used in policies to force user authentication. (... for details on users and user groups.)
  • Page 122: System Management And Maintenance

    Policy routes, firewall, application patrol, content filter, user groups, VPN, WLAN. System > DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM, Language: To-ZyWALL firewall, zones, addresses, address groups, certificates (WWW, SSH, FTP, Vantage CNM), authentication methods (WWW). Maintenance > File Manager
  • Page 123: Licensing Registration

    Menu item(s): Maintenance > Log, Report. 5.6.6 Diagnostics: The ZyWALL can generate a file containing the ZyWALL’s configuration and diagnostic information. Menu item(s): Maintenance > Diagnostics.
  • Page 125: Tutorials

    Figure 46 Port Role and Ethernet Interface Configuration Example. 6.1.1 How to Configure a WAN Ethernet Interface: You need to assign the ZyWALL’s WAN2 a static IP address of 1.2.3.4. (... for an example of configuring L2TP; Section 5.2.2 on page 111 for the default configuration.)
  • Page 126: How To Configure The Opt Interface For A Local Network

    1 Click Network > Interface > Ethernet and the opt interface’s Edit icon. Set the IP Address to 192.168.4.1 and the Subnet Mask to 255.255.255.0. ... Zone to WAN and select Get Automatically as shown next. Then click More Settings.
  • Page 127: Figure 48 Network > Interface > Ethernet > Edit Opt

    Figure 48 Network > Interface > Ethernet > Edit opt. 2 Set DHCP to DHCP Server and click OK.
  • Page 128: How To Configure Port Roles

    Here is how to remove port P6 from the ext-wlan interface and add it to the dmz interface. 1 Click Network > Interface > Port Role. 2 Under P6 select the dmz (DMZ) radio button and click Apply. Figure 50 Network > Interface > Port Roles (Configured)
  • Page 129: How To Configure A Cellular Interface

    ... 3G service provider (0000 in this example). In Related Setting, keep Add this interface to Trunk to allow WAN load balance selected. Click OK. Table 267 on page 749 lists the compatible 3G devices. In...
  • Page 130: Figure 52 Network > Interface > Cellular > Edit

    Figure 52 Network > Interface > Cellular > Edit. 5 Go to the Status screen. The Interface Status Summary section should contain a “cellular” entry. When its connection status is “Connected” you can use the 3G connection to access the Internet.
  • Page 131: How To Set Up A Wlan Interface

    ... WPA or WPA2 instead of needing an external RADIUS server. For each WLAN user, set up a user account containing the user name and password the WLAN user needs to enter to connect to the wireless LAN. (Chapter 11 on page 269.)
  • Page 132: How To Create The Wlan Interface

    ... Method. The ZyWALL can use its default authentication method (the local user database) and its default certificate to authenticate the users. Configure the interface’s IP address and set it to DHCP Server. Click OK.
  • Page 133: Figure 55 Network > Interface > Wlan > Add (Wpa/Wpa2 Security)

    Figure 55 Network > Interface > WLAN > Add (WPA/WPA2 Security). Turn on the wireless LAN and click Apply. Figure 56 Network > Interface > WLAN
  • Page 134: How To Set Up The Wireless Clients To Use The Wlan Interface

    2 Add a new profile. This example uses “ZYXEL_WPA” as the name. It is also the SSID (name) of the wireless network. Select Infrastructure and click Next. (Section 6.3.3.2 on page 137 instead for how to use ...)
  • Page 135: Figure 58 Zyxel Wireless Client > Profile

    4 Set the encryption type to TKIP and the EAP type to TTLS. Configure wlan_user as the Login Name and enter the account’s password (also wlan_user in this example). In TTLS Protocol, select PAP. Click Next.
  • Page 136: Figure 60 Zyxel Wireless Client > Profile: Security Settings

    5 Confirm your settings and click Save. Figure 61 ZyXEL Wireless Client > Profile: Save. 6 Click Activate Now. Figure 62 ZyXEL Wireless Client > Profile: Activate. 7 The ZYXEL_WPA profile displays in your list of profiles.
  • Page 137: Figure 63 Zyxel Wireless Client > Profile: Activate

    2 Name the profile (this example uses ZYXEL_WPA). In the User Info tab, configure wlan_user as the Login name. In the Password sub-tab, select Prompt for login name and password.
  • Page 138: Figure 65 Odyssey Access Client Manager > Profiles > User Info

    Figure 65 Odyssey Access Client Manager > Profiles > User Info. 3 Click the Authentication tab and select Validate server certificate. Figure 66 Odyssey Access Client Manager > Profiles > Authentication. 4 Click the TTLS tab and select PAP. Then click OK.
  • Page 139: Figure 67 Odyssey Access Client Manager > Profiles > Authentication

    6 Enter the name of the wireless network (“ZYXEL_WPA” in this example) or click Scan to look for it. Then select Authenticate using profile and select the profile you configured (“ZYXEL_WPA” in this example). Click OK.
  • Page 140: Figure 69 Odyssey Access Client Manager > Networks > Add

    1 In Internet Explorer, click Tools > Internet Options > Content and click the Certificates button. Figure 70 Internet Explorer: Tools > Internet Options > Content. (Section 41.2.2 on page 646)
  • Page 141: Figure 71 Internet Explorer: Tools > Internet Options > Content > Certificates

    ... Type setting to All Files in order to see the certificate file. Figure 72 Internet Explorer Certificate Import Wizard File Open Screen. 4 When you get to the Certificate Store screen, you can just leave it at the default setting.
  • Page 142: Figure 73 Internet Explorer Certificate Import Wizard Certificate Store Screen

    ... Trusted Root Certification Authorities tab. The values in the Issued To and Issued By fields should match those in the ZyWALL’s My Certificates screen’s Subject and Issuer fields (respectively).
  • Page 143: Figure 75 Internet Explorer: Trusted Root Certification Authorities

    6.3.3.4 How the Wireless Clients Use the WLAN Interface: A login screen displays when the wireless client attempts to connect to the wireless interface. Enter the username and password and click OK.
  • Page 144: How To Set Up An Ipsec Vpn

    2 Give the VPN gateway a name (“VPN_GW_EXAMPLE”). For My Address, select Interface and wan1. For the Peer Gateway Address, select Static Address and enter 2.2.2.2 in field 1. For the Authentication, select Pre-Shared Key and enter 12345678. Click OK. (Figure labels: 2.2.2.2, 1.2.3.4, 172.16.1.0/24.)
  • Page 145: How To Set Up The Vpn Connection

    4 Give the VPN connection a name (“VPN_CONN_EXAMPLE”). Under VPN Gateway select Static Site-to-site and the VPN gateway (VPN_GW_EXAMPLE). Under Policy, select LAN1_SUBNET for the local network and VPN_REMOTE_SUBNET for the remote. Click OK.
  • Page 146: How To Set Up The Policy Route For The Vpn Tunnel

    Figure 82 Network > Routing > Policy Route. 2 Configure the policy route as shown next. This policy route applies to traffic from the LAN1 subnet. Use the VPN connection’s local and remote objects as the source address ...
  • Page 147: How To Configure Security Policies For The Vpn Tunnel

    ... UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). If you enable NAT traversal, all firewalls between the ZyWALL and remote IPSec router should also allow UDP port 4500.
  • Page 148: How To Configure User-Aware Access Control

    Set up the user groups and assign the users to the user groups. 1 Click Object > User/Group > Group. Click the Add icon. (... for more on bandwidth management.) Policy table (columns: Web Surfing, Web Bandwidth, LAN1-to-DMZ Access; values include 200K, 100K, 100K, Yes (M-F, 08:30~18:00), 100K).
  • Page 149: How To Set Up User Authentication Using The Radius Server

    3 Give the new authentication method object a descriptive name, and click the Add icon. Select group radius because the ZyWALL should use the specified RADIUS server for authentication. Click OK. (Table 31 on page ...)
  • Page 150: How To Set Up Web Surfing Policies With Bandwidth Restrictions

    Use application patrol (AppPatrol) to enforce the web surfing and MSN policies. You must have already subscribed to the application patrol service. You can subscribe using the Licensing > Registration screens or using one of the wizards.
  • Page 151: Figure 90 Apppatrol > General

    3 Click the Default policy’s Edit icon. Figure 92 AppPatrol > Common > http. 4 Change the access to Drop because you do not want anyone except authorized user groups to browse the web. Click OK.
  • Page 152: How To Set Up Msn Policies

    1 Click Object > Schedule. Click the Add icon for recurring schedules. 2 Give the schedule a descriptive name. Set up the days (Monday through Friday) and the times (8:30 - 18:00) when Sales is allowed to use MSN. Click OK.
  • Page 153: How To Set Up Firewall Rules

    ... Click the Add icon next to it. Figure 96 Firewall > LAN1 to DMZ > Edit. 2 Change the Access field to deny, and click OK. (Section 6.5.4 on page 150 to set up the appropriate policies for MSN...)
  • Page 154: How To Configure Load Balancing

    As these connections have different bandwidths, you have decided to use the Weighted Round Robin algorithm and to send traffic to wan1 and wan2 in a 2:1 ratio. Figure 99 Trunk Example (wan1: 1 Mbps; wan2: 512 Kbps).
  • Page 155: How To Set Up Available Bandwidth On Ethernet Interfaces

    1 Click Network > Interface > Trunk. Click the Edit icon next to WAN_TRUNK. 2 In the Load Balancing Algorithm field, select Weighted Round Robin. After the screen refreshes, enter 2 and 1 in the Weight column for wan1 and wan2, respectively. Click OK.
  • Page 156: How To Configure Service Control

    This example configures service control to block administrator HTTPS access from all zones except LAN1. 1 Click System > WWW. 2 In HTTPS Admin Service Control, click the Add icon. (Chapter 43 on page 665 for more on service control.)
  • Page 157: Figure 102 System > Www

    Figure 102 System > WWW. 3 In the Zone field select LAN1 and click OK. Figure 103 System > WWW > Service Control Rule Edit. 4 Click the new rule’s Add icon.
  • Page 158: Figure 104 System > Www (First Example Admin Service Rule Configured)

    Figure 104 System > WWW (First Example Admin Service Rule Configured). 5 Set the Zone to ALL and set the Action to Deny. Click OK. Figure 105 System > WWW > Service Control Rule Edit. 6 Click Apply.
  • Page 159: How To Allow Incoming H.323 Peer-To-Peer Calls

    ... (port forwarding) and firewall rules to have the ZyWALL forward H.323 traffic destined for WAN1 IP address 10.0.0.8 to an H.323 device located on LAN1 and using IP address 192.168.1.56. Figure 107 WAN to LAN1 H.323 Peer-to-peer Calls Example (192.168.1.56, 10.0.0.8).
  • Page 160: How To Turn On The Alg

    1 Use Object > Address > Add to create address objects for the private and public IP addresses (WAN_IP-for-H323 and LAN_H323) as shown next. Figure 109 Create Address Objects. 2 Click Network > Virtual Server > Add. 3 Configure the screen as follows and click OK.
  • Page 161: How To Set Up A Firewall Rule For H.323

    Figure 111 Firewall: WAN to LAN 1. 3 Configure the screen as follows and click OK. LAN_H323 is the destination because the ZyWALL applies the virtual server to traffic before applying the firewall rule.
  • Page 162: How To Use Device Ha

    Here is an example of using device HA (High Availability) to back up ZyWALL A (the master) with ZyWALL B. ZyWALL B automatically takes over all of A’s functions if A fails or loses its lan1 or wan1 connection.
  • Page 163: Before You Start

    (in ... 6.9.2 How to Configure Device HA on the Master ZyWALL: 1 Log into ZyWALL A (the master) and click Device HA > Active-Passive Mode. Click lan1’s Edit icon. (Figure labels: 192.168.1.1, 1.1.1.1, 192.168.1.1, 1.1.1.1.)
  • Page 164: Figure 117 Device Ha > Active-Passive Mode > Edit: Master Zywall Example

    Enter a Synchronization Password (“mySyncPassword” in this example) and click Apply. Figure 118 Device HA > Active-Passive Mode: Master ZyWALL Example. 4 Click the General tab. Turn on device HA and click Apply.
  • Page 165: How To Configure The Backup Zywall

    4 Set the Device Role to Backup. Turn on monitoring for the wan1 and lan1 interfaces. Set the Synchronization Server Address to 192.168.1.1, the Port to 21, and the Password to “mySyncPassword”. Select Auto Synchronize and set the Interval to 60. Click Apply. (Chapter 8...)
  • Page 166: How To Deploy The Backup Zywall

    6.9.5 How to Check Your Device HA Setup: 1 To make sure ZyWALL B copied ZyWALL A’s settings, you can log into ZyWALL B’s management IP address (192.168.1.5) and check the configuration. You can use the ...
  • Page 167: How To Allow Public Access To A Server

    1 Create an address object named DMZ_HTTP for the HTTP server’s private IP address of 192.168.3.7. Figure 124 Creating the Address Object for the HTTP Server’s Private IP Address. 2 Create an address object named WAN2_HTTP for the wan2 public IP address of 1.1.1.2.
  • Page 168: How To Configure A Virtual Server

    • Select Add corresponding Policy Route rule for NAT Loopback to allow local users to use a domain name to access the HTTP server. See ... for details. Figure 126 Creating the Virtual Server. (NAT 1:1 Example on page 313 for details. NAT Loopback Example on page 317.)
  • Page 169 Now the public can go to IP address 1.1.1.2 to access the HTTP server. If a domain name is registered for IP address 1.1.1.2, users can just go to the domain name to access the web server.
  • Page 171: Status

    The Status screen displays when you log into the ZyWALL or click Status. Use this screen to look at the ZyWALL’s general device information, system status, system resource usage, licensed service status, and interface status. (... (Section 7.2 on page 171) to see the ZyWALL’s general ... (Section 7.2.4 on page ...)
  • Page 172: Figure 127 Status

    Click the icon to open the screen where you can upload firmware. System Status: System Uptime: This field displays how long the ZyWALL has been running since it last restarted or was turned on. (Section 44.3 on page 710. Section 43.2 on page 666.)
  • Page 173 Remaining days: If it displays 0 days, the license has expired. If the status is not Licensed, click this to open the screen where you can activate or extend the license. See Section 8.2 on page ...
  • Page 174 Up - The WLAN card is inserted, the wireless LAN feature is enabled, and the interface is enabled and functioning. (Table 64 on page 232 for the status that can ...)
  • Page 175: The Cpu Usage Screen

    7.2.1 The CPU Usage Screen: Use this screen to look at a chart of the ZyWALL’s recent CPU usage. To access this screen, click CPU Usage in the Status screen.
  • Page 176: The Memory Usage Screen

    Click this to update the information in the window right away. 7.2.2 The Memory Usage Screen: Use this screen to look at a chart of the ZyWALL’s recent memory (RAM) usage. To access this screen, click Memory Usage in the Status screen.
  • Page 177: The Session Usage Screen

    7.2.3 The Session Usage Screen: Use this screen to look at a chart of the ZyWALL’s recent traffic session usage. To access this screen, click Session Usage in the Status screen.
  • Page 178: The Vpn Status Screen

    Click this to update the information in the window right away. 7.2.4 The VPN Status Screen: Use this screen to look at the VPN tunnels that are currently established. To access this screen, click VPN Status in the Status screen.
  • Page 179: The Dhcp Table Screen

    Use this screen to look at the IP addresses currently assigned to DHCP clients and the IP addresses reserved for specific MAC addresses. To access this screen, click the icon beside DHCP Table in the Status screen. Figure 132 Status > DHCP Table
  • Page 180: The Port Statistics Screen

    7.2.6 The Port Statistics Screen: Use this screen to look at packet statistics for each Gigabit Ethernet port. To access this screen, click Port Statistics in the Status screen. Figure 133 Status > Port Statistics
  • Page 181: The Port Statistics Graph Screen

    Use this screen to look at a line graph of packet statistics for each physical port. To access this screen, click Port Statistics in the Status screen and then the Switch to Graphic View Button.
  • Page 182: The Current Users Screen

    7.2.8 The Current Users Screen: Use this screen to look at a list of the users currently logged into the ZyWALL. To access this screen, click the Number of Login Users Detail icon in the Status screen.
  • Page 183: The Cellular Status Detail Screen

    This shows to which slot the card is connected. Service Provider: This displays the name of your network service provider or Limited Service when the signal strength is too low. (Chapter 35 on page 593.)
  • Page 184 ... (Subscriber Identity Module) card. The SIM card is installed in a mobile device and used for authenticating a customer to the carrier network. IMSI is a unique 15-digit number used to identify a user on a network.
  • Page 185: Registration

    ... ZyWALL’s serial number and LAN MAC address to register it. Refer to the web site’s online help for details. To activate a service on a ZyWALL, you need to access myZyXEL.com via that ZyWALL. (... (Section 8.2 on page 186) to register your ZyWALL with ... (Section 8.3 on page ...)
  • Page 186: The Registration Screen

    8.2 The Registration Screen: Use this screen to register your ZyWALL with myZyXEL.com and activate a service, such as content filtering. Click Licensing > Registration in the navigation panel to open the screen as shown next.
  • Page 187: Figure 137 Licensing > Registration

    Table fields (Label / Description) include Confirm Password, E-Mail Address, Country Code and Trial Service Activation. Description text: If you select existing myZyXEL.com account, only the User Name and Password fields are available. If you haven’t created an account at myZyXEL.com, select this option and configure the following fields to create an account and register your ZyWALL.
  • Page 188: Figure 138 Licensing > Registration: Registered Device

    You can have the ZyWALL block and/or log access to web sites based on these categories. Click Apply to save your changes back to the ZyWALL.
  • Page 189: The Service Screen

    Table fields (Label / Description) include Count, License Upgrade, License Key and Service License Refresh. Description text: This lists the services that are available on the ZyWALL. This field displays whether a service is activated (Licensed), not activated (Not Licensed), or expired (Expired).
  • Page 191: Signature Update

    The ZyWALL does not have to reboot when you upload new signatures. 9.2 The Antivirus Update Screen: Click Licensing > Update > Anti-Virus to display the following screen. (... (Section 9.2 on page ...) ... Chapter 28 on page 469 for details on anti-virus.)
  • Page 192: Figure 140 Licensing > Update >Anti-Virus

    Select this option to have the ZyWALL check for new signatures once a week on the day and at the time specified. Apply: Click this button to save your changes to the ZyWALL. Reset: Click this button to return the screen to its last-saved settings.
  • Page 193: The Idp/Apppatrol Update Screen

    You should select a time when your network is not busy for minimal interruption. Hourly: Select this option to have the ZyWALL check for new IDP signatures every hour.
  • Page 194: The System Protect Update Screen

    ... IDP feature. The system-protection feature is enabled by default and can only be disabled via the commands. You do not need an IDP subscription to use the system-protection feature or to download updated system-protection signatures.
  • Page 195: Figure 144 Licensing > Update > System Protect

    Apply: Click this button to save your changes to the ZyWALL. Reset: Click this button to return the screen to its last-saved settings.
  • Page 196: Figure 145 Downloading System Protect Signatures

    Figure 145 Downloading System Protect Signatures. Figure 146 Successful System Protect Signature Download.
  • Page 197: Network

    Network Interface (199) Trunks (269) Policy and Static Routes (277) Routing Protocols (287) Zones (299) DDNS (303) Virtual Servers (309) HTTP Redirect (321) ALG (325)
  • Page 199: Interface

    ... Ethernet interfaces to tell the ZyWALL where to route packets. You can create virtual Ethernet interfaces, virtual VLAN interfaces, and virtual bridge interfaces. • Use the Trunks screens ... (... (Section 10.2 on page 202) to see all of the ZyWALL’s interfaces ... (Section 10.3 on page ...)
  • Page 200: What You Need To Know About Interfaces

    • The auxiliary interface, along with an external modem, provides an interface the ZyWALL can use to dial out. This interface can be used as a backup WAN interface, for example. The auxiliary interface controls the AUX port. • Trunks manage load balancing between interfaces.
  • Page 201: Table 46 Ethernet, Vlan, Bridge, Ppp, And Virtual Interfaces Characteristics

    Table 47 Relationships Between Different Types of Interfaces (columns: Interface; Required Port / Interface). Interfaces listed: auxiliary interface (auxiliary port), port group, Ethernet interface, VLAN interface, bridge interface; required port / interface entries include Ethernet (wan1, wan2; lan1, ext-wlan, dmz). (Section 10.14 on page 261.)
  • Page 202: The Interface Status Screen

    ... Ethernet interfaces and port ... for an example of configuring a cellular (3G) interface. ... for an example of configuring a WLAN interface. ... to configure load balancing using trunks.
  • Page 203: Figure 147 Network > Interface > Status

    This field displays the name of each interface. If there is an Expand icon (plus-sign) next to the name, click this to look at the status of virtual interfaces on top of this interface.
  • Page 204 Connected - The PPPoE/PPTP interface is connected. Disconnected - The PPPoE/PPTP interface is not connected. Inactive - The PPPoE/PPTP interface is disabled. Up - The WLAN interface is enabled. Down - The WLAN interface is disabled.
  • Page 205: The Port Role Screen

    ... ZyWALL's lan1, ext-wlan, or dmz IP address. 2 Use the appropriate lan1, ext-wlan, or dmz IP address to access the ZyWALL. Figure 148 Network > Interface > Port Role
  • Page 206: The Ethernet Summary Screen

    Click this button to save your changes and apply them to the ZyWALL. Click this button to change the port groups to their current configuration (last-saved values). (... Section 10.3 on page 205), the Ethernet interface is effectively ... for background information about these routing protocols.)
  • Page 207: The Ethernet Edit Screen

    The OPT interface’s Edit > Configuration screen is shown here as an example. The screens for other interfaces are similar and contain a subset of the OPT interface screen’s fields. (Section 10.15 on page 263.)
  • Page 208 • Select in which direction(s) routing information is exchanged - The ZyWALL can receive routing information, send routing information, or do both. • Set the priority used to identify the DR or BDR if one does not exist.
  • Page 209: Figure 150 Network > Interface > Ethernet > Edit (Opt)

    Figure 150 Network > Interface > Ethernet > Edit (Opt)
  • Page 210: Table 51 Network > Interface > Ethernet > Edit

    Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576. This setting is used in WAN load balancing and bandwidth management. (... characters, and it can be up to 60...)
  • Page 211 lan1 Policy Route for WAN access: This option is available for the LAN and DMZ interfaces. Click this link to automatically configure a policy route to allow traffic that comes in through the LAN or DMZ interface to go out through the WAN.
  • Page 212 ... Address, manually specifying a MAC address, or cloning the MAC address of another device or computer. Select this option to have the interface use the factory assigned default MAC address. By default, the ZyWALL uses the factory assigned MAC address to identify itself.
  • Page 213 ... DHCP clients. WINS Server: The WINS server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using.
  • Page 214: Interface Wizards

    OK in this screen to save your changes. Click OK to save your changes back to the ZyWALL. Click Cancel to exit this screen without saving. Section 10.5.1 on page 214. Section 10.5.2 on page 215.
  • Page 215: Interface Wizard: Wan Type

    This screen displays if you choose to not use the OPT interface for an Internet connection. Configure the OPT interface as an interface for a local network (similar to a LAN or DMZ interface). Section 10.5.2 on page Section 10.5.3 on page...
  • Page 216: Interface Wizard: Wan Zone And Ip Address Assignment

    10.5.4 Interface Wizard: WAN Zone and IP Address Assignment Use this screen to select to which zone the interface belongs and whether it should use a fixed or dynamic IP address. Section 10.5.6 on page 219.
  • Page 217: Interface Wizard: Wan Isp Connection Settings

    10.5.5 Interface Wizard: WAN ISP Connection Settings Use this screen to configure the ISP and WAN interface settings. Figure 156 Interface Wizard: WAN ISP Connection Settings (PPTP, Static IP Shown) Section 10.5.5 on page 217...
  • Page 218: Table 56 Interface Wizard: Wan Isp Connection Settings

    Back: Click Back to return to the previous screen. Next: Click Next to continue to Section 10.5.7 on page 219. @$./ characters, and it can be up to 31 characters long.
  • Page 219: Interface Wizard: Summary (Non-Wan)

    WAN. WAN access Click OK to close the screen. 10.5.7 Interface Wizard: Summary (WAN) This screen displays the WAN interface’s settings.
  • Page 220: Figure 158 Interface Wizard: Summary Wan (Pptp Shown)

    to WAN_TRUNK for WAN load balance: This shows whether or not the interface is part of the default WAN trunk for load balancing. Click OK to close the screen. @$./ characters, and it can be up to 31 characters long.
  • Page 221: The Ppp Interfaces Screen

    This field is a sequential value, and it is not associated with any interface. Name This field displays the name of the interface. Base Interface This field displays the interface on the top of which the PPPoE/PPTP interface...
  • Page 222: Ppp Interface Edit Screen

    Dial-on-Demand PPPoE/PPTP interface. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh.
  • Page 223: Figure 161 Network > Interface > Ppp > Edit > Configuration

    For the OPT port, select to which zone this PPP interface belongs. For PPP interfaces on a WAN interface, this field is read-only. Base Interface This field is read-only and displays the name of the interface upon which this PPP interface is built.
  • Page 224 Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576.
  • Page 225 Click this link to go to the screen where you can manually configure a policy route to associate traffic with this interface. Click OK to save your changes back to the ZyWALL. Cancel Click Cancel to exit this screen without saving.
  • Page 226: Cellular Configuration Screen (3G)

    Only), also referred to as EV-DO, EVDO, or just EV, is an evolution of the CDMA2000 1xRTT specification and enables high-speed wireless connectivity. It is also denoted as IS-856 or High Data Rate (HDR).
  • Page 227: Figure 162 Network > Interface > Cellular

    Apply Click Apply to save your changes back to the ZyWALL. Reset Click Reset to begin configuring this screen afresh.
  • Page 228: Cellular Add/Edit Screen

    To change your 3G settings, click Network > Interface > Cellular > Add (or Edit). In the pop-up window that displays, select the slot that you want to configure. The following screen displays. Figure 163 Interface > Cellular > Add
  • Page 229: Table 63 Interface > Cellular > Add

    None: No authentication for outgoing calls. CHAP: Your ZyWALL accepts CHAP requests only. PAP: Your ZyWALL accepts PAP requests only. SIM Card Setting
  • Page 230 Select this option to use the interface as part of a WAN trunk for load balancing. Click this link to go to the screen where you can manually configure a policy route to associate traffic with this interface.
  • Page 231: Cellular Status Screen

    Click Cancel to exit this screen without saving. 10.8 Cellular Status Screen To check your 3G connection status, click Network > Interface > Cellular > Status. The following screen displays. Figure 164 Interface > Cellular > Status
  • Page 232: Table 64 Interface > Cellular > Status

    3G card you inserted and could be UMTS, UMTS/HSDPA, GPRS or EDGE when you insert a GSM 3G card, or 1xRTT, EVDO Rev.0 or EVDO Rev.A when you insert a CDMA 3G card.
  • Page 233: Wlan Interface General Screen

    Security stops unauthorized devices from using the wireless network and can protect the information that is sent in the wireless network. Click Network > Interface > WLAN to open the following screen. See Appendix E for more details on wireless LANs.
  • Page 234: Figure 166 Network > Interface > Wlan

    APs. Select one of the following 100%, 50%, 25%, 12.5% or Minimum. See the product specifications for more information on your ZyWALL’s output power. This field is a sequential value, and it is not associated with any interface.
  • Page 235: Wlan Add/Edit Screen

    RADIUS server. With WPA or WPA2, users have to log into the wireless network before using it. This is called user authentication. WPA and WPA2 are also called the enterprise version of WPA.
  • Page 236 Click Network > Interface > WLAN > Add (or Edit) to open the WLAN Edit screen. The screen varies according to the security features you select. It displays as shown next when you set the Security Type to none.
  • Page 237: Figure 167 Network > Interface > Wlan > Add (No Security)

    Chapter 10 Interface Figure 167 Network > Interface > WLAN > Add (No Security)
  • Page 238: Table 67 Network > Interface > Wlan > Add (No Security)

    IP address is the same for all computers in the network. Click Advanced to display more settings. Click Basic to display fewer settings.
  • Page 239 DHCP clients. WINS Server: The WINS server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using.
  • Page 240: Figure 168 Network > Interface > Ethernet > Edit > Edit Static Dhcp Table

    ZyWALL uses multicasting. See Section 13.3 on page 289 for more information about OSPF. Select the area to which this interface belongs. Select None to disable OSPF on this interface.
  • Page 241: Wlan Add/Edit Screen: Wep Security

    To configure and enable WEP encryption, click Network > Interface > WLAN > Add (or Edit) to open the WLAN Edit screen. Select WEP as the Security Type. The following screen shows the WEP security fields.
  • Page 242: Wlan Add/Edit Screen: Wpa-Psk/Wpa2-Psk Security

    Network > Interface > WLAN > Add (or Edit) to open the WLAN Edit screen. Select WPA-PSK or WPA2-PSK as the Security Type. The following screen shows the security fields. Figure 170 Network > Interface > WLAN > Add (WPA-PSK/WPA2-PSK Security) for information on the 802.1x fields.
  • Page 243: Wlan Add/Edit Screen: Wpa/Wpa2 Security

    WPA-Enterprise or WPA2-Enterprise as the Security Type. The following figure shows the security fields. Figure 171 Network > Interface > WLAN > Add (WPA/WPA2 Security)
  • Page 244: Table 70 Network > Interface > Wlan > Add (Wpa/Wpa2 Security)

    Setting of the Group Key Update Timer is also supported in WPA-PSK mode. The ZyWALL default is 1800 seconds (30 minutes). for how to create authentication method objects. server, the reauthentication timer on the RADIUS server has priority.
  • Page 245: Wlan Interface Mac Filter Screen

    The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen.
  • Page 246: Wlan Interface Station Monitor Screen

    Table 73 Network > Interface > WLAN > Station Monitor. Extension Slot: Select the location where the IEEE 802.11b/g is located. Refresh: Click this button to update the information in the screen. This is the index number of the MAC address.
  • Page 247: Vlan Interface Screen

    In this example, there are two physical networks and three departments A, B, and C. The physical networks are connected to hubs, and the hubs are connected to the router. Alternatively, you can divide the physical networks into three VLANs.
  • Page 248: Figure 176 Example: After Vlan

    VLAN interfaces, but it does not route traffic within a VLAN interface. All traffic for each VLAN interface can go through only one Ethernet interface, though each Ethernet interface can have one or more VLAN interfaces.
  • Page 249: Configuring The Vlan Summary Screen

    (DHCP). IP addresses are always static in virtual interfaces. Mask This field displays the interface’s subnet mask in dot decimal notation. The Ethernet interface on which the VLAN interface is created. The VLAN ID. This field is blank for virtual interfaces.
  • Page 250: Configuring The Vlan Add/Edit Screen

    To activate or deactivate an interface, click the Active icon next to it. Make sure you click Apply to save and apply the change. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh.
  • Page 251: Figure 178 Network > Interface > Vlan > Edit

    Each field is explained in the following table. Table 75 Network > Interface > VLAN > Edit LABEL DESCRIPTION General Settings Enable Interface Select this to enable this interface. Clear this to disable this interface. Interface Properties
  • Page 252 If a larger packet arrives, the ZyWALL divides it into smaller fragments. Allowed values are 576 - 1500. Usually, this value is 1500.
  • Page 253 Enter the IP address of a DHCP server for the network. Relay Server 2: This field is optional. Enter the IP address of another DHCP server for the network. These fields appear if the ZyWALL is a DHCP Server.
  • Page 254: Figure 179 Network > Interface > Ethernet > Edit > Edit Static Dhcp Table

    Note: You must click OK in the Static DHCP screen and then click OK in this screen to save your changes. Click OK to save your changes back to the ZyWALL. Click Cancel to exit this screen without saving.
  • Page 255: Bridge Interface Screen

    0B:0B:0B:0B:0B:0B and port 4 in the table. It also looks up 0A:0A:0A:0A:0A:0A in the table and sends the packet to port 2 accordingly. Table 77 Example: Bridge Table After Computer B Responds to Computer A: MAC ADDRESS 0A:0A:0A:0A:0A:0A, PORT 2; MAC ADDRESS 0B:0B:0B:0B:0B:0B, PORT 4.
  • Page 256: Configuring The Bridge Summary Screen

    230.230.230.192/26 vlan0 241.241.241.241/32 vlan1 242.242.242.242/32 wan2 250.250.250.0/23 DESCRIPTION This field is a sequential value, and it is not associated with any interface. This field displays the name of the interface.
  • Page 257: Configuring The Bridge Add/Edit Screen

    To access this screen, click the Add icon at the top of the Add column in the Bridge Summary screen, or click an Edit icon in the Bridge Summary screen. The following screen appears.
  • Page 258: Figure 182 Network > Interface > Bridge > Add

    Chapter 10 Interface Figure 182 Network > Interface > Bridge > Add
  • Page 259: Table 80 Network > Interface > Bridge > Add

    More Settings/Less Settings: Click this button to display a greater or lesser number of configuration fields. There is a virtual interface on top of it. It is already used in a different bridge interface.
  • Page 260 Custom Defined - enter a static IP address. From ISP - select the DNS server that another interface received from its DHCP server. ZyWALL - the ZyWALL uses the IP address of this interface and works as a DNS relay.
  • Page 261: Auxiliary Interface Screen

    10.14 Auxiliary Interface Screen Use the auxiliary interface as a backup WAN interface or a way to access the ZyWALL for remote management.
  • Page 262: Figure 184 Network > Interface > Auxiliary

    This field is read-only and displays the zone to which the auxiliary interface belongs. Enter a description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
  • Page 263: Virtual Interface Screen

    Network policies (for example, firewall rules) that apply to the underlying interface automatically apply to the virtual interface as well. Chapter 20 on page 351) and VRRP groups (see...
  • Page 264: Figure 185 Network > Interface > Bridge > Add

    Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network.
  • Page 265: Interface Technical Reference

    DHCP clients. You have to assign the IP address and subnet mask manually. In general, the IP address and subnet mask of each interface should not overlap, though it is possible for this to happen with DHCP clients.
  • Page 266: Table 84 Example: Routing Table Entry For A Gateway

    (such as the IP addresses of DNS servers) on computers in the network. This reduces the amount of manual configuration you have to do and usually uses available IP addresses more efficiently. At the time of writing, the ZyWALL does not support ingress bandwidth management.
  • Page 267: Table 85 Example: Assigning Ip Addresses From A Pool

    DHCP servers (for example, a DNS server at an ISP). These other interfaces have to be DHCP clients. It is not possible for an interface to be the DHCP server and a DHCP client simultaneously. Range of assigned IP addresses: 50.50.50.33 - 50.50.50.37.
  • Page 268 2 The second one uses Generic Routing Encapsulation (GRE, RFC 2890) to transfer information between the computers. PPTP is convenient and easy-to-use, but you have to make sure that firewalls support both PPTP sessions.
  • Page 269: Trunks

    You can also use trunks with policy routing to send specific traffic types through the best WAN interface for that type of traffic. (Section 11.2 on page 272) to configure link sticking and (Section 11.2.1 on page...
  • Page 270: Figure 187 Link Sticking

    The available bandwidth ... ZyWALL refers to the actual bandwidth provided by the ISP, and the measured bandwidth refers to the bandwidth an interface is currently using. In the load balancing section, a session may refer to normal connection-oriented, UDP and SNMP2 traffic.
  • Page 271: Figure 188 Least Load First Example

    WAN1 and WAN2 to 2 and 1 respectively. The ZyWALL assigns the traffic of two sessions to WAN1 for every session's traffic assigned to WAN2.
  • Page 272: The Trunk Summary Screen

    Trunk screens. for more background information on trunks. for an example of how to configure load balancing.
  • Page 273: The Trunk Edit Screen

    Click this button to return the screen to its last-saved settings. 11.2.1 The Trunk Edit Screen Click Network > Interface > Trunk and then the Edit icon to open the Trunk Edit screen. Link Sticking on page 270...
  • Page 274: Figure 192 Network > Interface > Trunk > Edit

    ZyWALL sends new session traffic through the next interface. The traffic of existing sessions still goes through the interface on which they started. The ZyWALL uses the group member interfaces in the order that they are listed.
  • Page 275: Trunk Technical Reference

    The next queue is given an equal amount of bandwidth, and then moves to the end of the list; and so on, depending on the number of queues being used. This works in a looping fashion until a queue is empty.
  • Page 276 Chapter 11 Trunks
  • Page 277: Policy And Static Routes

    You can generally just use policy routes. You only need to use static routes if you have a large network with multiple routers where you use RIP or OSPF to propagate routing information to other routers.
  • Page 278: What You Can Do In The Policy And Static Route Screens

    Use the Policy Route screens (see Section 12.2 on page 279) to list and configure policy routes. Use the Static Route screens (see Section 12.3 on page 283) to list and configure static routes. See Chapter 13 on page 287 for more on RIP and OSPF.
  • Page 279: Policy Route Screen

    IPPR follows the existing packet filtering facility of RAS in style and in implementation. Figure 194 Network > Routing > Policy Route
  • Page 280: Table 89 Network > Routing > Policy Route

    The ordering of your rules is important as they are applied in order of their numbering. Apply Click Apply to save your changes back to the ZyWALL. Reset Click Reset to begin configuring this screen afresh.
  • Page 281: Policy Route Edit Screen

    Address, the ZyWALL uses the local network of the peer router that initiated an incoming dynamic IPSec tunnel as the destination address of the policy instead of your configuration here.
  • Page 282 This is the rule index number. for details). none means the route is active at all times if enabled. Section 37.2.1 on page 615 before using a port triggering rule. Chapter 38 for more...
  • Page 283: Ip Static Route Screen

    Click Network > Routing > Static Route to open the Static Route screen. This screen displays the configured static routes. Configure static routes to be able to use RIP or OSPF to propagate the routing information to other routers.
  • Page 284: Static Route Add/Edit Screen

    If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID. Subnet Mask Enter the IP subnet mask here.
  • Page 285: Policy Routing Technical Reference

    When the ZyWALL receives a new connection (trigger service) from the remote server, the ZyWALL forwards the traffic to the IP address of the client computer that sent the request. In the following example, you configure two services for port triggering:
  • Page 286: Figure 198 Trigger Port Forwarding Example

    (as much as they require, if there is enough available bandwidth), and then to lower priority policy routes if there is still bandwidth available. The ZyWALL distributes the available bandwidth equally among policy routes with the same priority level.
  • Page 287: Routing Protocols

    Hop count. Convergence: Slow. Finding Out More: Section 13.4 on page 295; Section 5.5 on page 121 for related information on the RIP screens; Section 13.2 on page 288 to configure the ZyWALL to use RIP; Section 13.3 on page...
  • Page 288: The Rip Screen

    This field is available if the Authentication is Text. Type the password for text authentication. The key can consist of alphanumeric characters and the underscore, and it can be up to 8 characters long.
  • Page 289: The Ospf Screen

    IP address. There are several types of areas. • The backbone is the transit area that routes packets between other areas. All other areas are connected to the backbone.
  • Page 290: Figure 200 Ospf: Types Of Areas

    Each type is really just a different role, and it is possible for one router to play multiple roles at one time. • An internal router (IR) only exchanges routing information with other routers in the same area.
  • Page 291: Figure 201 Ospf: Types Of Routers

    In some OSPF AS, it is not possible for an area to be directly connected to the backbone. In this case, you can create a virtual link through an intermediate area to logically connect the area to the backbone. This is illustrated in the following example.
  • Page 292: Configuring The Ospf Screen

    To access this screen, log in to the web configurator. When the main screen appears, click once on Network > Routing > OSPF to open the following screen. Figure 203 Network > Routing > OSPF Section 10.4.1 on page 207.
  • Page 293: Ospf Area Add/Edit Screen

    OSPF summary screen (see either the Add icon or an Edit icon. If you select this for RIP, the ZyWALL advertises routes learned from RIP to Normal and NSSA areas but not to Stub areas.
  • Page 294: Figure 204 Network > Routing > Ospf > Edit

    This field is a sequential value, and it is not associated with a specific area. Peer Router ID Type the 32-bit ID (in IP address format) of the other ABR in the virtual link.
  • Page 295: Routing Protocol Technical Reference

    255. The ZyWALL only accepts packets if these conditions are satisfied. • The packet’s authentication ID is the same as the authentication ID of the interface that received it.
  • Page 296 Alternatively, you can override the default in any interface or virtual link by selecting a specific authentication method. Please see the respective interface sections for more information.
  • Page 297 Chapter 13 Routing Protocols
  • Page 298 Chapter 13 Routing Protocols
  • Page 299: Zones

    Virtual interfaces are automatically assigned to the same zone as the interface on which they run. Figure 205 Example: Zones. 14.1.1 What You Can Do in the Zones Screens. Use the Zone screens (see Section 14.2 on page 300) to view and edit the ZyWALL’s zones.
  • Page 300: What You Need To Know About Zones

    In Figure 205 on page 299, traffic between VLAN 2 and the Ethernet is intra-zone traffic. In Figure 205 on page 299, traffic between VLAN 1 and the Internet is inter-zone traffic. In Figure 205 on page 299, traffic to or from computer C is extra-zone traffic. for related information on these screens.
  • Page 301: The Zone Edit Screen

    Name: This is the name of the zone. Block Intra-zone Traffic: Select this check box to block network traffic between members in the zone.
  • Page 302 You cannot remove a default member interface. Click OK to save your changes back to the ZyWALL. Cancel Click Cancel to exit this screen without saving.
  • Page 303: Ddns

    Basic, Premium; No-IP; Peanut Hull. Use the DDNS screen (see Section 15.2 on page 304) to view a list of the configured domain names. Use the DDNS Add/Edit screen (see Section 15.2.1 on page 305) to add a domain name to the ZyWALL.
  • Page 304: The Ddns Screen

    - The DDNS server checks the source IP address of the packets from the ZyWALL for the IP address to use for the domain name. custom - The IP address is static. for related information on these screens.
  • Page 305: The Dynamic Dns Add/Edit Screen

    The DDNS Add/Edit screen allows you to add a domain name to the ZyWALL or to edit the configuration of an existing domain name. Click Network > DDNS and then an Add or Edit icon to open this screen. Figure 209 Network > DDNS > Add
  • Page 306: Table 102 Network > Ddns > Add

    Select Any to let the domain name be used with any interface. Select None to not use a backup address. there is an HTTP proxy server between the ZyWALL and the DDNS server.
  • Page 307: The Ddns Status Screen

    When the main screen appears, click Network > DDNS > Status. The following screen appears.
  • Page 308: Figure 210 Network > Ddns > Status

    Click this to have the ZyWALL update the profile to the DDNS server. The ZyWALL attempts to resolve the IP address for the domain name. Refresh Click this to update the information displayed in the screen.
  • Page 309: Virtual Servers

    Virtual server is also known as port forwarding or port translation. The virtual server changes the destination address of packets. This is also known as Destination NAT (DNAT). Section 16.2 on page...
  • Page 310: The Virtual Server Screen

    NAT 1:1 mapping
  • Page 311: The Virtual Server Add/Edit Screen

    Interface: Select the interface on which packets for the virtual server must be received. It can be an Ethernet, VLAN, bridge, or PPPoE/PPTP interface.
  • Page 312 Or you can click Policy Route to go to the screens where you can manually configure a NAT 1:1 policy route for this virtual server. See Appendix B on page 815 for some common port numbers. See NAT 1:1 Example on page 313 for an example of NAT 1:1.
  • Page 313: Nat 1:1 And Nat Loopback Examples

    The firewall is enabled, so you also need to create a rule to allow traffic in from the WAN zone. Figure 214 NAT 1:1 Example Network Topology (LAN1 192.168.1.21; WAN 1.1.1.1). See NAT Loopback Example on page 317 for an example of NAT loopback.
  • Page 314: Figure 215 Create Address Objects

    This section sets up a virtual server rule that changes the destination of SMTP traffic coming to IP address 1.1.1.1 at the ZyWALL’s wan2 interface, to the LAN1 SMTP server’s IP address (192.168.1.21). This is also called Destination NAT (DNAT).
  • Page 315: Figure 217 Nat 1:1 Example Virtual Server

    This section sets up a policy route for the traffic coming from the LAN1 SMTP server to the ZyWALL’s lan1 interface. It changes the source address from 192.168.1.21 to 1.1.1.1. This is also called Source NAT (SNAT). It sends the traffic out through the wan2 interface.
  • Page 316: Figure 219 Nat 1:1 Example Policy Route

    Create a firewall rule to allow access from the WAN zone to the mail server in the LAN1 zone. Be careful of where you create the rule as firewall rules are ordered in descending priority.
  • Page 317: Figure 221 Create A Firewall Rule

    SMTP.com in this example) from a public DNS server and gets the SMTP server’s 1-1 NAT mapped public IP address of 1.1.1.1. maps a public IP address to the private IP address of a ... Figure: xxx.LAN-SMTP.com = 1.1.1.1
  • Page 318: Figure 223 Nat Loopback Virtual Server

    192.168.1.21). In this example the SMTP server also uses port 25, so the Mapped Port is set to 25. Figure 224 Create a Virtual Server. NAT 1:1 Virtual Server on page 314, except you...
  • Page 319: Figure 225 Triangle Route

    NAT to traffic sent from LAN1 to the SMTP server. Even if the packets go through the ZyWALL, they only undergo layer 2 switching, not NAT. This creates a triangle route since the source does not...
  • Page 320: Figure 227 Create A Policy Route

    (1.1.1.1) and the LAN1 user can use the LAN1 SMTP server. Figure 228 NAT Loopback Successful
  • Page 321: Http Redirect

    Figure 229 HTTP Redirect Example 17.1.1 What You Can Do in the HTTP Redirect Screens Use the HTTP Redirect screens (see Section 17.2 on page 322) to display and edit the HTTP redirect rules.
  • Page 322: What You Need To Know About Http Redirect

    To configure redirection of an HTTP request to a proxy server, click Network > HTTP Redirect. This screen displays the summary of the HTTP redirect rules. See Figure 229 on page 321 for related information on these screens.
  • Page 323: The Http Redirect Edit Screen

    Click Network > HTTP Redirect to open the HTTP Redirect screen. Then click the Add or Edit icon to open the HTTP Redirect Edit screen where you can configure the rule. Figure 231 Network > HTTP Redirect > Edit
  • Page 324: Table 107 Network > Http Redirect > Edit

    Enter the port number that the proxy server uses. Click OK to save your changes back to the ZyWALL. Cancel: Click Cancel to exit this screen without saving.
  • Page 325: Alg

    The ZyWALL only needs to use the ALG feature for traffic that goes through the ZyWALL’s NAT. 18.1.1 What You Can Do in the ALG Screen Use the ALG screen (Section 18.2 on page 328) to set up SIP, H.323, and FTP ALG settings.
  • Page 326: What You Need To Know About Alg

    • The SIP ALG supports peer-to-peer SIP calls. The firewall (by default) allows peer-to-peer calls from the LAN zone to go to the WAN zone and blocks peer-to-peer calls from the WAN zone to the LAN zone.
  • Page 327: Figure 234 Voip Calls From The Wan With Multiple Outgoing Calls

    LAN or DMZ IP addresses go out through the same WAN IP address that calls come in on. The policy routing lets the ZyWALL correctly forward the return traffic for the calls initiated from the LAN IP addresses.
  • Page 328: Before You Begin

    If the ZyWALL provides an ALG for a service, you must enable the ALG in order to perform bandwidth management on that service’s traffic.
  • Page 329: Figure 236 Network > Alg

    If you are using a custom TCP port number (not 1720) for H.323 traffic, enter it here. Additional H.323 Signaling Port: If you are also using H.323 on an additional TCP port number, enter it here.
  • Page 330: Alg Technical Reference

    File Transfer Protocol (FTP) is an Internet file transfer service that operates on the Internet and over TCP/IP networks. A system running the FTP server accepts commands from a system running an FTP client. The service allows users to send commands to the server for uploading and downloading files.
  • Page 331 When you make a VoIP call using H.323 or SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer. See RFC 1889 for details on RTP.
  • Page 332
  • Page 333: Firewall

    Firewall (335)
  • Page 335: Firewall

    • Use the Firewall screen (Section 19.2 on page 343) to enable or disable the firewall and … • Use the Firewall Edit screen (see Section 19.2.2 on page …) to … rule. … (page 443) to control services using flexible/dynamic port numbers.
  • Page 336: What You Need To Know About The Firewall

    Traffic from the DMZ to LAN1 is dropped. Traffic from the DMZ to the WAN is allowed. Traffic from the DMZ to the WLAN is dropped. Traffic between interfaces in the DMZ is dropped.
  • Page 337 To use a service, make sure both the firewall and application patrol allow the service’s packets to go through the ZyWALL. The ZyWALL checks the firewall rules before the application patrol rules for traffic going through the ZyWALL.
  • Page 338: Firewall Rule Example Applications

    Firewall screens. … for an example of creating firewall rules as part of … (Section 6.5 on page 148) … for an example of creating a firewall rule to allow H.323 …
  • Page 339: Figure 239 Limited Lan To Wan Irc Traffic Example

    • The first row allows the LAN1 computer at IP address 192.168.1.7 to access the IRC service on the WAN. • The second row blocks LAN access to the IRC service on the WAN.
  • Page 340: Firewall Rule Configuration Example

    Remember the sequence (priority) of the rules is important since they are applied in order. … (…) in the heading row to configure a new first … (…) in an entry to add a rule below the …
  • Page 341: Figure 240 Firewall Example: Select The Traveling Direction Of Traffic

    Figure 242 Firewall Example: Create an Address Object 4 Select Create Object in the Service drop-down list box. 5 The screen for configuring a service object opens. Configure it as follows and click OK.
  • Page 342: Figure 243 Firewall Example: Create A Service Object

    Service. Enter a description and configure the rest of the screen as follows. Click OK when you are done. Figure 244 Firewall Example: Edit a Firewall Rule 8 The firewall rule appears in the firewall rule summary. Figure 245 Firewall Example: MyService Example Rule in Summary
  • Page 343: The Firewall Screen

    Note the following. • If you enable intra-zone traffic blocking (see the chapter about zones), the firewall automatically creates (implicit) rules to deny packet passage between the interfaces in the specified zone.
  • Page 344: Figure 247 Firewall

    NAT sessions. … directly to LAN1 without passing through the ZyWALL. A better solution is to use virtual interfaces to put the ZyWALL and the backup gateway on separate subnets.
  • Page 345 TCP reset packet to the sender (reject) or permits the passage of packets (allow). This field shows you whether a log (and alert) is created when packets match this rule or not.
  • Page 346: The Firewall Edit Screen

    Select this check box to activate the firewall rule. From: For through-ZyWALL rules, select the direction of travel of packets to which the rule applies. any means all interfaces or VPN tunnels. ZyWALL means packets destined for the ZyWALL itself.
  • Page 347 Click OK to save your customized settings and exit this screen. Cancel: Click Cancel to exit this screen without saving. … the field below, the user’s IP address should be within the IP address range.
  • Page 348
  • Page 349: Vpn

    IPSec VPN (351) SSL VPN (385) SSL User Screens (395) SSL User Application Screens (401) SSL User File Sharing (403) L2TP VPN (409) L2TP VPN Example (415)
  • Page 351: Ipsec Vpn

    ZyWALL’s VPN gateways. A VPN gateway specifies the IPSec routers at either end of a VPN tunnel and the IKE SA settings (phase 1 settings). You can also activate and deactivate each VPN gateway.
  • Page 352: What You Need To Know About Ipsec Vpn

    … (Section 20.4 on page 369) to combine several … (Section 20.5 on page 371) to display and manage the … for related information on these screens. … for IPSec VPN background information. … for an example of configuring IPSec VPN.
  • Page 353: The Vpn Connection Screen

    VPN > IPSec VPN screens, you need to manually create a corresponding policy route. Figure 251 VPN > IPSec VPN > VPN Connection
  • Page 354: Table 115 Vpn > Ipsec Vpn > Vpn Connection

    To connect or disconnect an IPSec SA, click the Connect icon next to the VPN connection. Apply: Click Apply to save your changes back to the ZyWALL. Reset: Click Reset to begin configuring this screen afresh. See Section 20.2.2 on page 360 for more information.
  • Page 355: The Vpn Connection Add/Edit (Ike) Screen

    353), and click either the Add icon or an Edit icon. If you click the Add icon, you have to select a specific VPN gateway in the VPN Gateway field before the following screen appears.
  • Page 356: Figure 252 Vpn > Ipsec Vpn > Vpn Connection > Edit (Ike)

  • Page 357: Table 116 Vpn > Ipsec Vpn > Vpn Connection > Edit

    Phase 2 Settings: Click Advanced to display more settings. Click Basic to display fewer settings. … not as secure as a regular IPSec SA.
  • Page 358 PFS changes the root key that is used to generate encryption keys for each IPSec SA. The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group.
  • Page 359 Select the address object that represents the desired destination address. For example, this is the address object for the mail server. Protocol: Select the protocol required to use this translation. Choices are: TCP, UDP, or All.
  • Page 360: The Vpn Connection Add/Edit Manual Key Screen

    ZyWALL confirms that you want to delete the NAT record before doing so. Click OK to save the changes. Click Cancel to discard all changes and return to the main VPN screen. … 353), and click either the Add icon or an existing manual key …
  • Page 361: Figure 253 Vpn > Ipsec Vpn > Vpn Connection > Manual Key > Edit

    Type a unique SPI (Security Parameter Index) between 256 and 4095. The SPI is used to identify the ZyWALL during authentication. The ZyWALL and remote IPSec router must use the same SPI.
  • Page 362 The ZyWALL ignores any characters above the minimum number of characters required by the algorithm. For example, if you enter 1234567890XYZ for a DES encryption key, the ZyWALL only uses 12345678. The ZyWALL still stores the longer key.
  • Page 363: The Vpn Gateway Screen

    Type a page number to go to or use the arrows to navigate the pages of entries. This field is a sequential value, and it is not associated with a specific VPN gateway.
  • Page 364: The Vpn Gateway Add/Edit Screen

    To activate or deactivate a VPN gateway, click the Active icon next to the gateway. Make sure you click Apply to save and apply the change. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh.
  • Page 365: Figure 255 Vpn > Ipsec Vpn > Vpn Gateway > Edit

    ZyWALL. The IP address of the ZyWALL in the IKE SA is the specified IP address or the IP address corresponding to the domain name. 0.0.0.0 is invalid.
  • Page 366 E-mail - the ZyWALL is identified by an e-mail address; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string.
  • Page 367 This field is a sequential value, and it is not associated with a specific proposal. The sequence of proposals should not affect performance significantly. … There is a NAT router between the ZyWALL and remote IPSec router.
  • Page 368 ZyWALL authenticates this information. Select this radio button if the ZyWALL provides a username and password to the remote IPSec router for authentication. You also have to provide the User Name and the Password.
  • Page 369: The Vpn Concentrator Screen

    The VPN Concentrator summary screen displays the VPN concentrators in the ZyWALL. To access this screen, click VPN > IPSec VPN > Concentrator. The following screen appears.
  • Page 370: The Vpn Concentrator Add/Edit Screen

    ), or dashes (-), but the first character cannot be a number. This value is case-sensitive. This field is a sequential value, and it is not associated with a specific member in the concentrator.
  • Page 371: The Sa Monitor Screen

    You can use the SA Monitor screen to display and to manage active IPSec SAs. To access this screen, click VPN > IPSec VPN > SA Monitor. The following screen appears.
  • Page 372: Figure 260 Vpn > Ipsec Vpn > Sa Monitor

    This field is displayed if the IPSec SA does not use manual keys. Click the Disconnect icon next to an IPSec SA to disconnect it. Click Refresh to update the information in the display.
  • Page 373: Ipsec Vpn Background Information

    SA. In main mode, this is done in steps 1 and 2, as illustrated next. Figure 261 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal
  • Page 374: Figure 262 Ike Sa: Main Negotiation Mode, Steps 3 - 4: Dh Key Exchange

    IPSec SA. In main mode, this is done in steps 3 and 4, as illustrated next. Figure 262 IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange
  • Page 375: Figure 263 Ike Sa: Main Negotiation Mode, Steps 5 - 6: Authentication

    You have to create (and distribute) a pre-shared key. The ZyWALL and remote IPSec router use it in the authentication process, though it is not actually transmitted or exchanged. The ZyWALL and the remote IPSec router must use the same pre-shared key.
  • Page 376: Table 123 Vpn Example: Matching Id Type And Content

    REMOTE IPSEC ROUTER: Local ID type: IP; Local ID content: 1.1.1.2; Peer ID type: E-mail; Peer ID content: tom@yourcompany.com
  • Page 377: Figure 264 Vpn/Nat Example

    The extra header may be UDP port 500 or UDP port 4500, depending on the standard(s) the ZyWALL and remote IPSec router support.
  • Page 378: Regular Expressions In Searching Ipsec Sas

    “abc” and ending in “123” matches, no matter how many characters are in between. The whole VPN connection or policy name has to match if you do not use a question mark or asterisk.
  • Page 379: Ipsec Sa Overview

    ZyWALL and remote IPSec router (for example, for remote management), not between computers on the local and remote networks. The ZyWALL and remote IPSec router must use the same encapsulation.
  • Page 380: Figure 265 Vpn: Transport And Tunnel Mode Encapsulation

    This section provides more information about IPSec SA in your ZyWALL.
  • Page 381 (for example, mail) from the remote network to a specific computer (like the mail server) in the local network. Each kind of translation is explained below. The following example is used to help explain each one.
  • Page 382: Figure 266 Vpn Example: Nat For Inbound And Outbound Traffic

    … 382, you can configure this kind of translation if you want to forward mail from the remote network to the mail server in the local network (A).
  • Page 383 • Mapped Port - the translated destination port or range of destination ports. The original port range and the mapped port range must be the same size.
  • Page 384
  • Page 385: Ssl Vpn

    URL. You do not have to install additional client software on the remote user computers for access. Figure 267 Network Access Mode: Reverse Proxy
  • Page 386: Figure 268 Network Access Mode: Full Tunnel Mode

    Configure address objects for the IP addresses of the DNS and WINS servers that the ZyWALL sends to the VPN connection users. Configure an address object to specify which network segment users are allowed to access through a VPN connection.
  • Page 387: The Ssl Access Privilege Screen

    To create a new or edit an existing SSL access policy, click the Add or Edit icon in the Access Privilege screen.
  • Page 388: Figure 270 Vpn > Ssl Vpn > Access Privilege > Add/Edit

    Any security rules or settings configured for the SSL_VPN security zone will also apply to this SSL access policy. Enter additional information about this SSL access policy. You can enter up to 31 characters (“0-9”, “a-z”, “A-Z”, “-” and “_”).
  • Page 389: The Ssl Connection Monitor Screen

    Use this screen to do the following: • View a list of users currently logged in through VPN SSL.
  • Page 390: The Ssl Global Setting Screen

    This field displays the number of bytes transmitted by the ZyWALL on this connection. Click the icon to terminate the connection of the user and delete corresponding session information from the ZyWALL. Click Refresh to update this screen.
  • Page 391: Figure 272 Vpn > Ssl Vpn > Global Setting

    Click Apply to save the changes and/or start the logo file upload process. Reset: Click Reset to start configuring this screen again. … graphic should use a resolution of 127 x 57 pixels to avoid distortion when displayed. The ZyWALL automatically resizes a graphic of a different resolution to 127 x 57 pixels.
  • Page 392: How To Upload A Custom Logo

    3 Click Login. 4 SSL VPN connection starts. This may take several minutes depending on your network connection. Once the connection is up, you should see the client portal screen. The following shows an example.
  • Page 393: Figure 274 Ssl Vpn Client Portal Screen Example

    Login screen. Clear the Login to SSL VPN check box and try logging in again. For more information on user portal screens, refer to Chapter 22 on page 395.
  • Page 394
  • Page 395: Ssl User Screens

    Here are the browser and computer system requirements for remote user access. • Windows 2000 and Windows XP • Internet Explorer 5.5 and above (for IE7, JRE 1.6 must be enabled) • Netscape 7.2 and above
  • Page 396: Remote User Login

    1 Open a web browser and enter the web site address or IP address of the ZyWALL. For example, “http://sslvpn.mycompany.com”. Figure 276 Enter the Address in a Web Browser 2 Click OK or Yes if a security screen displays.
  • Page 397: Figure 277 Login Security Screen

    If a certificate warning screen displays, click OK, Yes or Continue. Figure 279 Java Needed Message 6 The following status screen displays indicating the progress of the secure SSL VPN connection setup.
  • Page 398: The Ssl Vpn User Screens

    Available resource links vary depending on the configuration your network administrator made. 22.3 The SSL VPN User Screens This section describes the main elements in the remote user screens. See Figure 281 Remote User Screen for a screen example.
  • Page 399: Bookmarking The Zywall

    2 A prompt window displays. Click OK to continue. Figure 283 Logout: Prompt 3 An information screen displays to indicate that the SSL VPN connection is about to terminate.
  • Page 400: Figure 284 Logout: Connection Termination Progress

  • Page 401: Ssl User Application Screens

    Microsoft Outlook Web Access (OWA). To access a web-based application, simply click a link in the Application screen to display the web screen in a separate browser window. Figure 285 Application
  • Page 402
  • Page 403: Ssl User File Sharing

    24.2 The Main File Sharing Screen The first File Sharing screen displays the name(s) of the shared folder(s) available. The following figure shows an example with one file share.
  • Page 404: Opening A File Or Folder

    3 If an access user name and password are required, a screen displays as shown in the following figure. Enter the account information and click Login to continue. Figure 287 File Sharing: Enter Access User Name and Password
  • Page 405: Downloading A File

    After you have opened a file in a web browser, you can save a copy of the file by clicking File > Save As and following the on-screen instructions.
  • Page 406: Creating A New Folder

    Make sure the length of the folder name does not exceed the maximum allowed on the file server. Figure 290 File Sharing: Save a Word File 24.5 Renaming a File or Folder To rename a file or folder, click the Rename icon next to the file/folder.
  • Page 407: Deleting A File Or Folder

    To delete a file or folder, click the Delete icon next to the file/folder and then OK in a prompt screen that displays. Figure 293 File Sharing: Delete Prompt
  • Page 408: Uploading A File

    4 After the file is uploaded successfully, you should see the name of the file and a message in the screen. Figure 294 File Sharing: File Upload Uploading a file with the same name and file extension replaces the existing file on the file server. No warning message is displayed.
  • Page 409: L2Tp Vpn

    At the time of writing the L2TP remote user must have a public IP address in order for L2TP VPN to work (the remote user cannot be behind a NAT router or a firewall).
  • Page 410: Figure 296 Policy Route For L2Tp Vpn

    (L2TP_POOL in the following figure). • Set the next hop to be the VPN tunnel that you are using for L2TP. Figure 296 Policy Route for L2TP VPN
  • Page 411: L2Tp Vpn Screen

    Select the pool of IP addresses that the ZyWALL uses to assign to the L2TP VPN clients. Select Create Object to configure a new pool of IP addresses.
  • Page 412: L2Tp Vpn Session Monitor Screen

    Click Cancel to start configuring this screen afresh. This is the index number of a current L2TP VPN session. This field displays the remote user’s user name.
  • Page 413 This field displays the public IP address that the remote user is using to connect to the Internet. Disconnect: Click the Disconnect icon next to an L2TP VPN connection to disconnect it. Refresh: Click Refresh to update the information in the display.
  • Page 414
  • Page 415: L2Tp Vpn Example

    26.2 Configuring the Default L2TP VPN Gateway Example 1 Click VPN > Network > IPSec VPN > VPN Gateway to open the screen that lists the VPN gateways. Click the Default_L2TP_VPN_GW entry’s Edit icon.
  • Page 416: Configuring The Default L2Tp Vpn Connection Example

    Figure 301 VPN > IPSec VPN > VPN Gateway (Enable) 26.3 Configuring the Default L2TP VPN Connection Example 1 Click VPN > Network > IPSec VPN to open the screen that lists the VPN connections. Click the Default_L2TP_VPN_Connection’s Edit icon.
  • Page 417: Figure 302 Vpn > Ipsec Vpn > Vpn Connection > Edit

    0.0.0.0. It is named L2TP_HOST in this example. 3 Click the Default_L2TP_VPN_Connection entry’s Enable icon and click Apply to turn on the entry. Figure 303 VPN > IPSec VPN > VPN Connection (Enable)
  • Page 418: Configuring The L2Tp Vpn Settings Example

    L2TP-test has been created. • The other fields are left at their defaults in this example; click Apply. 26.5 Configuring the Policy Route for L2TP Example 1 Click Routing > Add to open the following screen.
  • Page 419: Configuring L2Tp Vpn In Windows Xp And 2000

    In Windows XP do the following to establish an L2TP VPN connection. 1 Click Start > Control Panel > Network Connections > New Connection Wizard.
  • Page 420: Figure 306 New Connection Wizard: Network Connection Type

    3 Select Connect to the network at my workplace and click Next. Figure 306 New Connection Wizard: Network Connection Type 4 Select Virtual Private Network connection and click Next. Figure 307 New Connection Wizard: Network Connection 5 Type L2TP to ZyWALL as the Company Name.
  • Page 421: Figure 308 New Connection Wizard: Connection Name

    7 Enter the domain name or WAN IP address configured as the My Address in the VPN gateway configuration that the ZyWALL is using for L2TP VPN (172.16.1.2 in this example).
  • Page 422: Figure 310 New Connection Wizard: Vpn Server Selection

    Figure 310 New Connection Wizard: VPN Server Selection 8 Click Finish. 9 The Connect L2TP to ZyWALL screen appears. Click Properties > Security. Figure 311 Connect L2TP to ZyWALL 10 Click Security, select Advanced (custom settings) and click Settings.
  • Page 423: Figure 312 Connect L2Tp To Zywall: Security

    Select Unencrypted password (PAP) and clear all of the other check boxes. Click OK. Figure 313 Connect ZyWALL L2TP: Security > Advanced 12 Click IPSec Settings.
  • Page 424: Figure 314 L2Tp To Zywall Properties > Security

    14 Click Networking. Select L2TP IPSec VPN as the Type of VPN. Click OK. Figure 316 L2TP to ZyWALL Properties: Networking 15 Enter the user name and password of your ZyWALL account. Click Connect.
  • Page 425: Configuring L2Tp In Windows 2000

    L2TP client. 26.6.2.1 Editing the Windows 2000 Registry In Windows 2000, you need to create a registry entry and restart the computer to have it use pre-shared keys.
  • Page 426: Figure 320 Starting The Registry Editor

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters. Figure 321 Registry Key 4 Right-click Parameters and select New > DWORD Value. Figure 322 New DWORD Value 5 Enter ProhibitIpSec as the name, and make sure the Data displays as 0’s.
  • Page 427: Figure 323 Prohibitipsec Dword Value

    Figure 324 Run mmc 2 Click Console > Add/Remove Snap-in. Figure 325 Console > Add/Remove Snap-in 3 Click Add > IP Security Policy Management > Add > Finish. Click Close > OK.
  • Page 428: Figure 326 Add > Ip Security Policy Management > Finish

    4 Right-click IP Security Policies on Local Machine and click Create IP Security Policy. Click Next in the welcome screen. Figure 327 Create IP Security Policy 5 Name the IP security policy L2TP to ZyWALL, and click Next.
  • Page 429: Figure 328 Ip Security Policy: Name

    Figure 329 IP Security Policy: Request for Secure Communication 7 Leave the Edit Properties check box selected and click Finish. Figure 330 IP Security Policy: Completing the IP Security Policy Wizard
  • Page 430: Figure 331 Ip Security Policy Properties > Add

    Figure 331 IP Security Policy Properties > Add 9 Select This rule does not specify a tunnel and click Next. Figure 332 IP Security Policy Properties: Tunnel Endpoint 10 Select All network connections and click Next.
  • Page 431: Figure 333 Ip Security Policy Properties: Network Type

    11 Select Use this string to protect the key exchange (preshared key), type password in the text box, and click Next. Figure 334 IP Security Policy Properties: Authentication Method 12 Click Add.
  • Page 432: Figure 335 Ip Security Policy Properties: Ip Filter List

    ZyWALL’s WAN IP address (172.16.1.2 in this example) in the IP Address field. Make certain the Mirrored. Also match packets with the exact opposite source and destination addresses check box is selected and click Apply. ZyWALL USG 100/200 Series User’s Guide...
  • Page 433: Figure 337 Filter Properties: Addressing

    UDP from port 1701. Select To any port. Click Apply, OK, and then Close. Figure 338 Filter Properties: Protocol 16 Select ZyWALL WAN_IP and click Next. ZyWALL USG 100/200 Series User’s Guide . 16 Chapter 26 L2TP VPN Example...
  • Page 434: Figure 339 Ip Security Policy Properties: Ip Filter List

    17 Select Require Security and click Next. Then click Finish and Close. Figure 340 IP Security Policy Properties: IP Filter List 18 In the Console window, right-click L2TP to ZyWALL and select Assign. Figure 341 Console: L2TP to ZyWALL Assign ZyWALL USG 100/200 Series User’s Guide...
  • Page 435: Figure 342 Start New Connection Wizard

    3 Enter the domain name or WAN IP address configured as the My Address in the VPN gateway configuration that the ZyWALL is using for L2TP VPN. Click Next. ZyWALL USG 100/200 Series User’s Guide Chapter 26 L2TP VPN Example...
  • Page 436: Figure 344 New Connection Wizard: Destination Address

    172.16.1.2 4 Select For all users and click Next. Figure 345 New Connection Wizard: Connection Availability 5 Name the connection L2TP to ZyWALL and click Finish. Figure 346 New Connection Wizard: Naming the Connection ZyWALL USG 100/200 Series User’s Guide...
  • Page 437: Figure 347 Connect L2Tp To Zywall

    8 Select Optional encryption allowed (connect even if no encryption) and the Allow these protocols radio button. Select Unencrypted password (PAP) and clear all of the other check boxes. Click OK. Click Yes if a screen pops up. ZyWALL USG 100/200 Series User’s Guide Chapter 26 L2TP VPN Example...
  • Page 438: Figure 349 Connect L2Tp To Zywall: Security > Advanced

    Click OK. Figure 350 Connect L2TP to ZyWALL: Networking 10 Enter your user name and password and click Connect. It may take up to one minute to establish the connection and register on the network. ZyWALL USG 100/200 Series User’s Guide...
  • Page 439: Figure 351 Connect L2Tp To Zywall

    ZyWALL (192.168.10.10-192.168.10.20). Figure 353 L2TP to ZyWALL Status: Details 13 Access a server or other network resource behind the ZyWALL to make sure your access works. ZyWALL USG 100/200 Series User’s Guide Chapter 26 L2TP VPN Example...
  • Page 440 Chapter 26 L2TP VPN Example ZyWALL USG 100/200 Series User’s Guide...
  • Page 441: Application Patrol

    Application Patrol (443)
  • Page 443: Application Patrol

    It also lets you open the Other Configuration Add/Edit screen to create new conditions or edit existing ones. • Use the Statistics screen (see ...) ... and statistics for each protocol...
  • Page 444: What You Need To Know About Application Patrol

    When you allow an application, you can restrict the bandwidth it uses or even the bandwidth that particular features in the application (like voice, video, or file sharing) use. This restriction may be ineffective in certain cases, however, such as using MSN to send files via P2P...
  • Page 445: Figure 354 LAN1 to WAN Connection and Packet Directions

    • Outbound traffic is limited to 200 kbps. The connection initiator is on LAN1 so outbound means the traffic traveling from LAN1 to the WAN. Each of the WAN zone’s two interfaces can send the limit of 200 kbps of traffic...
  • Page 446: Figure 355 LAN1 to WAN, Outbound 200 kbps, Inbound 500 kbps

    1000 kbps, but the WAN is set to a maximum outgoing speed of 1000 kbps. You configure policy A for server A’s traffic and policy B for server B’s traffic...
  • Page 447: Figure 356 Bandwidth Management Behavior

    200 kbps plus 250 kbps for a total of 450 kbps. Table 135 Maximize Bandwidth Usage Effect (columns: Policy, Configured Rate, Max. B. U., Priority, Actual Rate)...
  • Page 448: Application Patrol Bandwidth Management Examples

    1 Gbps connections, but it must be the lowest priority and limited so it does not interfere with SIP and HTTP traffic...
  • Page 449: Figure 357 Application Patrol Bandwidth Management Example

    • Highest priority (1). Set policies for other applications to lower priorities so the SIP traffic always gets the best treatment. • Enable maximize bandwidth usage so the SIP traffic can borrow unused bandwidth...
  • Page 450: Figure 358 SIP Any to WAN Bandwidth Management Example

    DMZ FTP server (outbound) but only 100 kbps for downloads (inbound). • Third highest priority (3). • Disable maximize bandwidth usage since you do not want to give FTP more bandwidth...
  • Page 451: Application Patrol General Screen

    27.2 Application Patrol General Screen Use this screen to enable and disable application patrol. It also lists the registration status and details about the signature set the ZyWALL is using...
  • Page 452: Figure 362 AppPatrol > General

    Type: This field displays whether you applied for a trial application (Trial) or registered a service with your iCard’s PIN number (Standard). None displays when the service is not activated...
  • Page 453: Application Patrol Applications

    This field displays the name of the application. Default Access: This field displays what the ZyWALL does with packets for this application. Choices are: forward, drop, and reject...
  • Page 454: The Application Patrol Edit Screen

    Auto - the ZyWALL identifies this application by matching the IP payload with the application’s pattern(s). Service Ports - the ZyWALL identifies this application by looking at the destination port in the IP header...
  • Page 455 In this case the traffic is automatically treated as being set to the lowest priority (7) regardless of this field’s configuration. ... While this sequence does not affect the functionality, you might improve the performance of the ZyWALL by putting more common conditions at the top of the list.
  • Page 456: The Application Patrol Policy Edit Screen

    Select this check box to turn on this policy for the application. Port: Use this field to specify the port number to which this policy applies. Type zero if this policy applies to every port number...
  • Page 457 If the sum of the bandwidths for routes using the same next hop is higher than the actual transmission speed, lower priority traffic may not be sent if higher priority traffic uses all of the actual bandwidth (see Chapter 38 on page 619 for details).
  • Page 458: The Other Applications Screen

    You can also control the bandwidth used by these other applications. This screen also allows you to add, edit, and remove conditions to this default policy. Click AppPatrol > Other to open the Other (applications) screen...
  • Page 459: Figure 366 AppPatrol > Other

    Reject - the ZyWALL does not route the packets and notifies the client of its decision. ... While this sequence does not affect the functionality, you might improve the performance of the ZyWALL by putting more common conditions at the top of the list.
  • Page 460: The Other Applications Add/Edit Screen

    The Other Configuration Add/Edit screen allows you to create a new condition or edit an existing one. To access this screen, go to the Other Protocol screen (see Section 27.4 on page 458), and click either the Add icon or an Edit icon...
  • Page 461: Figure 367 AppPatrol > Other > Edit

    Configure these fields to set the amount of bandwidth the application can use. These fields only apply when Access is set to forward (see Chapter 38 on page 619 for details)...
  • Page 462: Application Patrol Statistics

    Click AppPatrol > Statistics to open the following screen. 27.5.1 Application Patrol Statistics: General Setup Use the top of the AppPatrol > Statistics screen to configure what to display...
  • Page 463: Application Patrol Statistics: Bandwidth Statistics

    ZyWALL sends to the initiator of the connection. • A dotted line represents a protocol’s outgoing bandwidth usage. This is the protocol’s traffic that the ZyWALL sends out from the initiator of the connection...
  • Page 464: Application Patrol Statistics: Protocol Statistics

    IP payload. Matched Service Ports Connection: This is how much of the application’s traffic the ZyWALL identified by examining OSI level-3 information such as IP addresses and port numbers. Rule: This is a protocol’s rule...
  • Page 465 Data (KB): This is how much of the application’s traffic the ZyWALL has discarded and notified the client that the traffic was rejected (in kilobytes). This traffic was rejected because it matched a policy set to “reject”.
  • Page 467: Anti-X

    Anti-Virus (469), IDP (483), ADP (513), Content Filtering (531), Content Filter Reports (551), Anti-Spam (559)
  • Page 469: Anti-Virus

    ... (Section 28.2 on page 471) to turn anti-virus on or off, set up ... • Use the Black/White List screen (Section 28.3 on page ...) to set up black (blocked) and white (allowed) lists of virus file patterns. • Use the Signature screen to ... information about signatures...
  • Page 470: Chapter 28 Anti-Virus

    The un-infected portion of the file before a virus pattern was matched still goes through. 5 If the send alert message function is enabled, the ZyWALL sends an alert to the file’s intended destination computer(s)...
  • Page 471: Before You Begin

    28.2 Anti-Virus Summary Screen Click Anti-X > Anti-Virus to display the configuration screen as shown next...
  • Page 472: Figure 372 Anti-X > Anti-Virus > General

    HTTP applies to traffic using TCP ports 80, 8080 and 3128. SMTP applies to traffic using TCP port 25. POP3 applies to traffic using TCP port 110. IMAP4 applies to traffic using TCP port 143...
  • Page 473: Anti-Virus Policy Add Or Edit Screen

    Click Reset to start configuring this screen again. 28.2.1 Anti-Virus Policy Add or Edit Screen Click the Add or Edit icon in the Anti-X > Anti-Virus > General screen to display the configuration screen as shown next...
  • Page 474: Figure 373 Anti-X > Anti-Virus > General > Add

    Select this check box to set the ZyWALL to send a message alert to files’ intended user(s) using Microsoft Windows computers connected to the To interface. Refer to Appendix C on page 819 if your Windows computer does not display the alert messages...
  • Page 475: Anti-Virus Black List

    Click Anti-X > Anti-Virus > Black/White List to display the screen shown next. Use the Black List screen to set up the Anti-Virus black (blocked) list of virus file patterns. The ZyWALL does NOT decompress any ZIP file(s) within a ZIP file.
  • Page 476: Anti-Virus Black List Or White List Add/Edit

    To delete an entry, click the entry’s Remove icon. The web configurator confirms that you want to delete the entry. Click Apply to save your changes. Click Reset to start configuring this screen again...
  • Page 477: Anti-Virus White List

    Use the Black/White List screen to set up Anti-Virus black (blocked) and white (allowed) lists of virus file patterns. Use up to 80 characters. Alphanumeric characters, underscores (_), question marks (?) and asterisks (*) are allowed.
  • Page 478: Signature Searching

    To delete an entry, click the entry’s Remove icon. The web configurator confirms that you want to delete the entry. Click Apply to save your changes. Click Reset to start configuring this screen again...
  • Page 479: Figure 377 Anti-X > Anti-Virus > Signature: Search By Severity

    Click a signature’s name to see details about the virus. This is the IDentification number of the anti-virus signature. Click the ID column header to sort your search results in ascending or descending order according to the ID...
  • Page 480: Anti-Virus Technical Reference

    This makes it harder for an anti-virus scanner to detect or intercept it. A polymorphic virus can also belong to any of the virus types discussed above...
  • Page 481 • NAV scanners stop virus threats at the network edge before they enter or exit a network. • NAV scanners reduce the computing load on computers as the real-time data traffic inspection is done on a dedicated security device...
  • Page 483: IDP

    For example, apply the default LAN_IDP profile to any traffic going to the LAN zone in order to protect your LAN computers. ... (Section 29.2 on page 484) to turn IDP on or off...
  • Page 484: Before You Begin

    ZyWALL can protect against...
  • Page 485: Figure 378 Anti-X > IDP > General

    You must register for IDP service in order to use packet inspection signatures. If you don’t have a standard license, you can register for a once-off trial one.
  • Page 486: Configuring IDP Policies

    This field displays the date and time the set was released. Click this link to go to the screen you can use to download signatures from the update server. Click Apply to save your changes. Click Reset to start configuring this screen again...
  • Page 487: Introducing IDP Profiles

    The ZyWALL comes with several base profiles. You use base profiles to create new profiles. In the Anti-X > IDP > Profile screen, click the Add icon to display the following screen. Select this check box to turn on this IDP profile to traffic direction binding.
  • Page 488: The Profile Summary Screen

    Signatures with a very low or low severity level (less than or equal to two) are disabled. Click OK to save your changes. Click Cancel to exit this screen without saving your changes...
  • Page 489: Creating New Profiles

    If Internet Explorer opens a warning screen about a script making Internet Explorer run slowly and the computer possibly becoming unresponsive, just click No to continue...
  • Page 490: Profiles: Packet Inspection

    Select Anti-X > IDP > Profile and then add a new profile or edit an existing one. Packet inspection signatures examine the contents of a packet for malicious data. They operate at layer 4 to layer 7. 29.6.1 Profile > Group View Screen...
  • Page 491: Figure 382 Anti-X > IDP > Profile > Edit: Group View

    Figure 382 Anti-X > IDP > Profile > Edit: Group View
  • Page 492: Table 156 Anti-X > IDP > Profile > Group View

    Select this option to have the ZyWALL send an alert when a packet matches a signature(s)...
  • Page 493: Policy Types

    After you enter a chat (or chat room), any room member can type a message that will appear on the monitors of all the other participants. SPAM: Spam is unsolicited “junk” e-mail sent to large numbers of people to promote products or services...
  • Page 494: IDP Service Groups

    Web attacks refer to attacks on web servers such as IIS (Internet Information Services). Service groups listed include WEB_MISC, WEB_IIS, WEB_ATTACKS, WEB_FRONTPAGE, TFTP, TELNET, SNMP, SMTP, RSERVICES, POP3, POP2, NNTP, NETBIOS, MYSQL, MISC_DDOS, MISC_BACKDOOR and MISC...
  • Page 495: Profile > Query View Screen

    In the query view screen, you can search for signatures by criteria such as name, ID, severity, attack type, vulnerable attack platforms, service category, log options or actions...
  • Page 496: Figure 384 Anti-X > IDP > Profile: Query View

    See Table 156 on page 492 for action details. Hold down the [Ctrl] key ...
  • Page 497: Query Example

    This example shows a search with these criteria: • Severity: severe and high • Attack Type: DDoS • Platform: Windows 2000 and Windows XP computers • Service: Any • Actions: Any Figure 385 Query Example Search Criteria...
  • Page 498: Introducing IDP Custom Signatures

    You need some knowledge of packet headers and attack types to create your own custom signatures. 29.7.1 IP Packet Header These are the fields in an Internet Protocol (IP) version 4 packet header...
  • Page 499: Figure 387 IPv4 Packet Headers

    Fields listed include Protocol, Header Checksum, Source IP Address and Destination IP Address. The value 4 indicates IP version 4. IP Header Length is the number of 32-bit words forming the total length of the header (usually five).
  • Page 500: Configuring Custom Signatures

    Timestamp (have each router record its IP address and time), End of IP List and No IP Options. Padding is used as a filler to ensure that the IP packet is a multiple of 32 bits...
  • Page 501: Creating Or Editing A Custom Signature

    Try to write signatures that target a vulnerability, for example a certain type of traffic on certain operating systems, instead of a specific exploit. ... is ‘custom.rules’. If you import a file named ‘custom.rules’, then all custom signatures on the ZyWALL are overwritten with the new file.
  • Page 502: Figure 389 Anti-X > IDP > Custom Signatures > Add/Edit

    Figure 389 Anti-X > IDP > Custom Signatures > Add/Edit
  • Page 503: Table 162 Anti-X > IDP > Custom Signatures > Add/Edit

    Select the check box, select Equal, Smaller or Greater and then type in a number. ... See Table 156 on page 492 for a list of IDP service groups.
  • Page 504 ICMP fields when they communicate. The longer a payload option is, the more exact the match and the faster the signature processing. Therefore, if possible, it is recommended to have at least one payload option in your signature...
  • Page 505: Custom Signature Example

    As an example, say you want to create a signature for the ‘Microsoft Windows Plug-and-Play Service Remote Overflow (MS-05-39)’ attack. Search the Security Focus web site and you will find it uses the NetBIOS service in established TCP connections to a server using port 445...
  • Page 506: Figure 390 Custom Signature Example Pattern 1

    Figure 392 Custom Signature Example Patterns 3 and 4 The final custom signature should look as shown in the following figure. If the attack occurs, check the logs for a log of your custom signature. This indicates the signature works correctly...
  • Page 507: Figure 393 Example Custom Signature

    Figure 393 Example Custom Signature
  • Page 508: Applying Custom Signatures

    The Note column displays ACCESS FORWARD when no action is configured for the signature. It displays ACCESS DENIED if you configure the signature action to drop the packet. The destination port is the service port (NetBIOS in this case) that the attack tries to exploit...
  • Page 509: IDP Technical Reference

    The text up to the first parenthesis is the rule header and the section enclosed in parenthesis contains the rule options. The words before the colons in the rule options section are the option keywords...
  • Page 510: Table 163 ZyWALL - Snort Equivalent Terms

    Snort equivalent terms listed include fragbits, fragoffset, ipopts, sameip, flow, flags, window, itype, icode, icmp_id, icmp_seq, dsize, offset, distance, content, nocase and uricontent (some of these appear in the Snort rule header, others in the Snort rule options)...
  • Page 511 Not all Snort functionality is supported in the ZyWALL.
  • Page 513: ADP

    Comments). Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP Decoder and ICMP Decoder. Protocol anomaly rules may be updated when you upload new firmware. ... (Section 30.2 on page 514) to turn anomaly detection on or ...
  • Page 514: Before You Begin

    See Table 166 on page 517 for details on ADP base profiles...
  • Page 515: Configuring ADP Policies

    Click Anti-X > ADP > General and then an Add or Edit icon to display the following screen. Use this screen to apply an ADP profile to a traffic direction. Figure 397 Anti-X > ADP > General > Add. Select this check box to enable traffic anomaly and protocol anomaly detection.
  • Page 516: The Profile Summary Screen

    Select an ADP profile to apply to the entry’s traffic direction. Configure the ADP profiles in the ADP profile screens. Click OK to save your changes. Click Cancel to exit this screen without saving your changes...
  • Page 517: Configuring The ADP Profile Summary Screen

    When you’re satisfied that they have been reduced to an acceptable level, you could then create an ‘inline profile’ whereby you configure appropriate actions to be taken when a packet matches a rule...
  • Page 518: Traffic Anomaly Profiles

    OK or Save to save the changes before selecting the Traffic Anomaly tab...
  • Page 519: Figure 400 Profiles: Traffic Anomaly

    Figure 400 Profiles: Traffic Anomaly
  • Page 520: Protocol Anomaly Profiles

    Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP Decoder and ICMP Decoder where each category reflects the packet type inspected...
  • Page 521: Protocol Anomaly Configuration

    Protocol Anomaly tab. If you made changes to other screens belonging to this profile, make sure you have clicked OK or Save to save the changes before selecting the Protocol Anomaly tab...
  • Page 522: Figure 401 Profiles: Protocol Anomaly

    Figure 401 Profiles: Protocol Anomaly
  • Page 523: Technical Reference

    An attacker scans device(s) to determine what types of network protocols or services a device supports. One of the most common port scanning tools in use today is Nmap...
  • Page 524 These are some filtered port scan examples. • TCP Filtered Portscan • TCP Filtered Decoy Portscan • UDP Filtered Portscan • IP Filtered Portscan • UDP Filtered Decoy Portscan • IP Filtered Decoy Portscan...
  • Page 525: Figure 402 Smurf Attack

    ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established. • UDP Filtered Portsweep • IP Filtered Portsweep • ...
  • Page 526: Figure 403 TCP Three-Way Handshake

    ICMP packet of destination unreachable to the forged source address. If enough UDP packets are delivered to ports on the victim, the system will go down...
  • Page 527: Table 170 HTTP Inspection and TCP/UDP/ICMP Decoders

    NON-RFC-DEFINED-CHAR ATTACK, NON-RFC-HTTP-DELIMITER ATTACK: This rule deals with the non-RFC-standard use of a tab as a space delimiter. Apache uses this, so if you have an Apache server, you need to enable this option.
  • Page 528 20 bytes. This may cause some applications to crash. This is when a UDP packet is sent which has a UDP length field greater than the actual packet length. This may cause some applications to crash...
  • Page 529 ...HEADER ATTACK, TRUNCATED-HEADER ATTACK, TRUNCATED-TIMESTAMP-HEADER ATTACK: This is when a UDP packet is sent which has a UDP datagram length less than the UDP header length. This may cause some applications to crash.
  • Page 531: Content Filtering

    The ZyWALL can block access to particular categories of web site content, such as pornography or racial intolerance. • Restrict Web Features ZyWALL USG 100/200 Series User’s Guide Content Filtering (Section 31.2 on page 533) to configure global content filtering (Section 31.4 on page...
  • Page 532: Before You Begin

    Service) or trial (Licensing > Registration > Registration) service before you can use external database content filtering (in the Anti-X > Content Filter > Filter Profiles > Categories). for related information on these screens. for content filtering background/technical information. ZyWALL USG 100/200 Series User’s Guide www.zyxel.com.tw/...
  • Page 533: Content Filter General Screen

    Block web access when no policy is applied Address Schedule User ZyWALL USG 100/200 Series User’s Guide DESCRIPTION Select this check box to enable the content filter. Select this check box to have the ZyWALL collect category-based content filtering statistics.
  • Page 534 Standard displays if you have successfully registered the ZyWALL and activated the service. Trial displays if you have successfully registered the ZyWALL and activated the trial service subscription. ZyWALL USG 100/200 Series User’s Guide Chapter 31 on page 536 Chapter 32...
  • Page 535: Content Filter Policy Add Or Edit Screen

    Select any to have the content filter policy apply to all of the web access requests that the ZyWALL receives from any user. ZyWALL USG 100/200 Series User’s Guide DESCRIPTION This link appears if you have not registered for the service or only have the trial registration.
  • Page 536: Content Filter Profile Screen

    All other entries below the new entry are pushed down. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh. for how to register. Chapter 32 on page 551 ZyWALL USG 100/200 Series User’s Guide for details).
  • Page 537: Figure 408 Anti-X > Content Filter > Filter Profile > Add

    Name Enable Content Filter Category Service Matched Web Pages ZyWALL USG 100/200 Series User’s Guide DESCRIPTION Enter a descriptive name for this content filtering profile name. You may use 1-31 alphanumeric characters, underscores( first character cannot be a number. This value is case-sensitive.
  • Page 538 These depictions are not necessarily sexual in intent or effect, but may include pages containing nude paintings or photo galleries of artistic nature. This category also includes nudist or naturist pages that contain pictures of nude individuals. ZyWALL USG 100/200 Series User’s Guide...
  • Page 539 Hacking Phishing Arts/Entertainment Business/Economy ZyWALL USG 100/200 Series User’s Guide DESCRIPTION Selecting this category excludes pages that promote or offer the sale alcohol/tobacco products, or provide the means to create them. It also includes pages that glorify, tout, or otherwise encourage the consumption of alcohol/tobacco.
  • Page 540 ZyWALL USG 100/200 Series User’s Guide...
  • Page 541 Reference Open Image/Media Search Chat/Instant Messaging Email Blogs/Newsgroups ZyWALL USG 100/200 Series User’s Guide DESCRIPTION Selecting this category excludes pages that sponsor or provide information on computers, technology, the Internet and technology- related organizations and companies. Selecting this category excludes pages that support searching the Internet, indices, and directories.
  • Page 542 This includes pages that discuss or promote camping, gardening, and collecting. Selecting this category excludes pages that promote or provide opportunity for travel planning, including finding and making travel reservations, vehicle rentals, descriptions of travel destinations, or promotions for hotels or casinos. ZyWALL USG 100/200 Series User’s Guide...
  • Page 543: Content Filter Customization Screen

    (blocked) web site addresses. You can also block web sites based on whether the web site’s address contains a keyword. Use this screen to add or remove specific sites or keywords from the filter list. Description (category table, continued): Selecting this category excludes pages that provide information on or promote vehicles, boats, or aircraft, including pages that support online purchase of vehicles or parts.
  • Page 544: Figure 409 Anti-X > Content Filter > Filter Profile > Customization

    ActiveX is a tool for building dynamic and active web pages and distributed object applications. When you visit an ActiveX web site, ActiveX controls are downloaded to your browser, where they remain in case you visit the site again.
  • Page 545 Fields: Delete Blocked URL Keywords, Add Blocked URL Keyword, Blocked URL Keywords. Description (Java): Java is a programming language and development environment for building downloadable Web components or Internet and intranet business applications of all kinds.
  • Page 546: Content Filter Cache Screen

    Click OK to save your changes back to the ZyWALL. Click Cancel to exit this screen without saving your changes. ... for how to submit a web site that has been incorrectly ...
  • Page 547: Figure 410 Anti-X > Content Filter > Cache

    Type a page number to go to or use the arrows to navigate the pages of entries. This is the index number of a categorized web site address record.
  • Page 548: Content Filter Technical Reference

    ZyWALL to reflect changes in the external content filtering database. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh.
  • Page 549 The web site’s address and category are then stored in the ZyWALL’s content filter cache. (Section 31.7 on page ...)
  • Page 551: Content Filter Reports

    Alternatively, you can also view content filtering reports during the free trial (up to 30 days). 1 Go to http://www.myZyXEL.com. 2 Fill in your myZyXEL.com account information and click Submit. Figure 412 myZyXEL.com: Login. (... on how to create a myZyXEL.com account, register your device ...)
  • Page 552: Figure 413 myZyXEL.com: Welcome

    Figure 413 myZyXEL.com: Welcome. 4 In the Service Management screen click Content Filter in the Service Name field to open the Blue Coat login screen. Figure 414 myZyXEL.com: Service Management.
  • Page 553: Figure 415 Blue Coat: Login

    Figure 416 Blue Coat Content Filter Reports Main Screen. 8 Select items under Global Reports or Single User Reports to view the corresponding reports. (Figure 414 on page 552).
  • Page 554: Figure 417 Blue Coat: Report Home

    Run Report. The screens vary according to the report type you selected in the Report Home screen. 10 A chart and/or list of requested web site categories displays in the lower half of the screen.
  • Page 555: Figure 418 Global Report Screen Example

    Figure 418 Global Report Screen Example. 11 You can click a category in the Categories report or click URLs in the Report Home screen to see the URLs that were requested.
  • Page 556: Web Site Submission

    1 Log into the content filtering reports web site (see Section 32.2 on page 551). 2 In the Web Filter Home screen (see Figure 416 on page 553), click Site Submissions to open the Web Page Review Process screen shown next.
  • Page 557: Figure 420 Web Page Review Process Screen

    Figure 420 Web Page Review Process Screen. 3 Type the web site’s URL in the field and click Submit to have the web site reviewed.
  • Page 559: Anti-Spam

    If an e-mail does not match any of the white list entries, the ZyWALL checks it against the black list entries. The ZyWALL classifies an e-mail that ... (Section 33.3 on page ...)
  • Page 560 ZyWALL can check the routing addresses of e-mail against DNSBLs and classify an e-mail as spam if it was sent or forwarded by a computer with an IP address in the DNSBL. Here’s how the ZyWALL uses DNSBLs.
  • Page 561: Before You Begin

    Click Anti-X > Anti-Spam to open the Anti-Spam General screen. Use this screen to turn the anti-spam feature on or off and manage anti-spam policies. You can also select the action the ZyWALL takes when the mail sessions threshold is reached.
  • Page 562: Figure 422 Anti-X > Anti-Spam > General

    The anti-spam policy has the ZyWALL scan e-mail traffic that is going to this zone from the From zone. Protocol: These are the protocols of traffic to scan for spam. SMTP applies to traffic using TCP port 25. POP3 applies to traffic using TCP port 110.
  • Page 563: The Anti-Spam Policy Add Or Edit Screen

    Figure 423 Anti-X > Anti-Spam > General > Add
  • Page 564: The Anti-Spam Black List Screen

    Select forward with tag to add a spam tag to a POP3 spam mail’s subject and send it on to the destination. Click OK to save your changes. Click Cancel to exit this screen without saving your changes.
  • Page 565: The Anti-Spam Black Or White List Add/Edit Screen

    33.4.1 The Anti-Spam Black or White List Add/Edit Screen. In the anti-spam Black List or White List screen, click the Add icon or an Edit icon to display the following screen.
  • Page 566: Figure 425 Anti-X > Anti-Spam > Black/White List > Black List (Or White List) > Add

    For example, if you want the entry to check the “Received:” header for a specific mail server’s domain, enter the mail server’s domain here. Section 33.4.2 on page 567 for more details.
  • Page 567: Regular Expressions In Black Or White List Entries

    Enable White List Checking: Select this check box to have the ZyWALL forward e-mail that matches an (active) white list entry without doing any more anti-spam checking on that individual e-mail.
  • Page 568: The DNSBL Screen

    To delete an entry, click the entry’s Remove icon. The web configurator confirms that you want to delete the entry. Click OK to save your changes. Click Cancel to exit this screen without saving your changes. (Section 33.4.1 on page 565)
  • Page 569: Figure 427 Anti-X > Anti-Spam > DNSBL

    This is the IP of the last server that forwarded the mail. Actions when Query Timeout: Use this section to set what the ZyWALL does if the queries to the DNSBL domains time out.
  • Page 570: The DNSBL Add/Edit Screen

    To delete an entry, click the entry’s Remove icon. The web configurator confirms that you want to delete the entry. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh.
  • Page 571: The Anti-Spam Status Screen

    These are the DNSBLs the ZyWALL uses to check sender and relay IP addresses in e-mails. Total Queries: This is the total number of DNS queries the ZyWALL has sent to this DNSBL.
  • Page 572 This is the average for how long it takes to receive a reply from this DNSBL. No Response: This is how many DNS queries the ZyWALL sent to this DNSBL without receiving a reply.
  • Page 573: Device HA

    Device HA (575)
  • Page 575: Device HA

    Active-passive mode is recommended for general failover deployments. • The ZyWALLs must all support and be set to use the same device HA mode (either active-passive or legacy). (Section 34.2 on page 576) to configure device HA global ... (Section 34.3.1 on page ...)
  • Page 576: Before You Begin

    HA mode the ZyWALL is set to use along with a summary of the monitored interfaces. ... for related information on these screens. ... for device HA background/technical information. ... for an example of using device HA.
  • Page 577: Figure 431 Device HA > General

    ZyWALL can take over all of the master ZyWALL’s functions. Apply: Click Apply to save your changes back to the ZyWALL. Reset: Click Reset to begin configuring this screen afresh.
  • Page 578: The Active-Passive Mode Screen

    Figure 433 Cluster IDs for Multiple Virtual Routers. Monitored Interfaces in Active-Passive Mode Device HA: You can select which interfaces device HA monitors. If a monitored interface on the ZyWALL loses its connection, device HA has the backup ZyWALL take over.
  • Page 579: Configuring Active-Passive Mode Device HA

    The Device HA Active-Passive Mode screen lets you configure general active-passive mode device HA settings, view and manage the list of monitored interfaces, and synchronize backup ZyWALLs. To access this screen, click Device HA > Active-Passive Mode.
  • Page 580: Figure 435 Device HA > Active-Passive Mode

    ZyWALLs. If you have multiple ZyWALL virtual routers on your network, use a different cluster ID for each virtual router. Section 34.4 on page 582 for more ... same virtual router (same cluster ID).
  • Page 581 If you leave this field blank in a backup ZyWALL, it cannot synchronize from the master ZyWALL. (Authentication Types on page 295 for more information about authentication ...)
  • Page 582: Configuring An Active-Passive Mode Monitored Interface

    IP address should be in the same subnet as the interface IP address. Subnet Mask: Enter the subnet mask of the interface’s management IP address. Click OK to save your changes back to the ZyWALL. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 583: The Legacy Mode Screen

    The Device HA Legacy Mode screen lets you configure general legacy mode HA settings including link monitoring, configure the VRRP group and synchronize backup ZyWALLs. To access this screen, click Device HA > Legacy Mode.
  • Page 584: Figure 437 Device HA > Legacy Mode

    ... / Netmask: This is the interface’s IP address and subnet mask in the virtual router. Management IP / Netmask: This field displays the management IP address and subnet mask of an interface. Table 189 on page 586 for more ...
  • Page 585: The Legacy Mode Add/Edit Screen

    • You can only have one active VRRP group for each virtual router (VR ID). The Device HA Legacy Mode Add or Edit screen lets you configure a VRRP group. To access this screen, click Device HA > Legacy Mode > Add (or Edit).
  • Page 586: Figure 438 Device HA > Legacy Mode > Add

    The backup interface with the highest value takes over the role of the master interface if the master interface becomes unavailable. The priority must be between 1 and 254. (The master interface has priority 255.) ... same virtual router (same VR ID).
  • Page 587: Device HA Technical Reference

    Virtual Router ID (VR ID). In the example below, ZyWALL A and ZyWALL B are part of virtual router 10 with IP address 192.168.10.254. (Authentication Types on page 295 for more information about authentication ...)
  • Page 588: Figure 439 Example: VRRP, Normal Operation

    Synchronization: During synchronization, the master ZyWALL sends the following information to the backup ZyWALL. • Startup configuration file (startup-config.conf) • AV signatures • IDP and application patrol signatures. (Figure 439 on page 588).
  • Page 589 VRRP group. The backup applies the entire configuration if it is different from the backup’s current configuration.
  • Page 591: Objects

    VIII Objects User/Group (593) Addresses (607) Services (613) Schedules (619) AAA Server (625) Authentication Method (635) Certificates (639) SSL Application (657)
  • Page 593: User/Group

    Perform basic diagnostics (CLI). Access Users / User: Access network services; Browse user-mode commands (CLI). The User screen (Section 35.2 on page 595) provides a summary of all user accounts. The Group screen (Section 35.3 on page 598) provides a summary of all user groups.
  • Page 594 Table columns: ABILITIES, LOGIN METHOD(S). Access network services. External User Account. (Chapter 39 on page 625 and Chapter 40 on page 635, respectively, for more ...; ... for a list of attributes and ...)
  • Page 595: User Summary Screen

    The User screen provides a summary of all user accounts. To access this screen, log in to the web configurator, and click Object > User/Group. Section 35.4.2 on page 603 for related information on these screens.
  • Page 596: User Add/Edit Screen

    • Reserved user names are listed in the following table. Table 192 Reserved User Names: admin, daemon, debug, devicehaecived, games, halt, ldap-users, mail, news, nobody, ...
  • Page 597: Figure 442 User/Group > User > Edit

    Renew button on their screen. If you allow access users to renew time automatically (see ...) ... on their screen as well. In this case, the session is automatically renewed before the lease time expires. (Table 192 Reserved User Names, continued: radius-users, root, ...)
  • Page 598: User Group Summary Screen

    The Group Add/Edit screen allows you to create a new user group or edit an existing one. To access this screen, go to the Group screen (see Section 35.3 on page 598), and click either the Add icon or an Edit icon. Section 35.3.1 on page 598
  • Page 599: Setting Screen

    ZyWALL before it routes traffic for them. To access this screen, log in to the web configurator, and click Object > User/Group > Setting.
  • Page 600: Figure 445 Object > User/Group > Setting

    Select this check box if you want to set a limit on the number of simultaneous logins by non-admin users. If you do not select this, access users can log in as many times as they want as long as they use different IP addresses.
  • Page 601 Fields: Total Policy, Policy per page, Page x of x, Schedule. Description: This field is effective when Limit ... for access account is checked. Type the maximum number of simultaneous logins by each access user.
  • Page 602: Force User Authentication Policy Add/Edit Screen

    To activate or deactivate a condition, click the Active icon next to the condition. Make sure you click Apply to save and apply the change. Click Apply to save the changes. Click Reset to start configuring this screen again.
  • Page 603: User Aware Login Example

    Instead, when access users log in to the ZyWALL (forced in the screen as shown in ... on page 600 or otherwise), the following screen appears. Figure 447 Web Configurator for Non-Admin Users. (Chapter 38 on page 619 for details).
  • Page 604: User/Group Technical Reference

    CORRESPONDING ATTRIBUTE IN WEB CONFIGURATOR: User Type. Possible Values: admin, limited-admin, user, guest. Lease Time. Possible Values: 1-1440 (minutes). Reauthentication Time. Possible Values: 1-1440 (minutes). (Section 35.2.1 on page 596) (Section 35.4 on page 599) Access users can ...
  • Page 605 Extract the user names from the LDAP or RADIUS server, and create a shell script that creates the user accounts. See Chapter 44 on page 705 for more information about shell scripts.
  • Page 607: Addresses

    The Address screen (Section 36.2 on page 607) provides a summary of all addresses in the ZyWALL. To access this screen, click Object > Address > Address. (Section 36.3 on page ...)
  • Page 608: Address Add/Edit Screen

    Address screen (see Section 36.2 on page 607), and click either the Add icon or an Edit icon. Figure 451 Object > Address > Address > Edit. Section 36.2.1 on page 608
  • Page 609: Address Group Summary Screen

    Object > Address > Address Group. Figure 452 Object > Address > Address Group. ... based on an interface’s IP address, subnet, or gateway if the interface’s IP address settings change.
  • Page 610: Address Group Add/Edit Screen

    This field displays the description of each address group, if any. You can use up to 60 characters, punctuation marks, and spaces. Section 36.3.1 on page 610 (Section 36.3 on page ...)
  • Page 611 The order of members is not important. To remove members, select them and click the left arrow. Click OK to save your changes back to the ZyWALL. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 613: Services

    Another use is ping. ICMP does not guarantee delivery, but networks often treat ICMP messages differently, sometimes looking at the message itself to decide where to send it. (Section 37.2 on page 614) to view and configure the ZyWALL’s ...
  • Page 614: The Service Summary Screen

    To access this screen, log in to the web configurator, and click Object > Service > Service. Figure 454 Object > Service > Service. ... for related information on these screens. ... for a list of commonly-used services.
  • Page 615: The Service Add/Edit Screen

    Ending Port: If you fill in one of these fields, the service uses that port. If you fill in both fields, the service uses the range of ports. (Section 37.2 on page ...)
  • Page 616: The Service Group Summary Screen

    Group Add/Edit screen appears. To delete a service group, click on the Remove icon next to the service group. The web configurator confirms that you want to delete the service group. Section 37.3.1 on page 617
  • Page 617: The Service Group Add/Edit Screen

    Click OK to save your changes back to the ZyWALL. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 619: Schedules

    Finding Out More: • See Section 5.5 on page 121 • See Section 43.3 on page 666. (Section 38.2 on page 620) to see a list of all schedules (Section 38.2.1 on page ...) (Section 38.2.2 on page ...)
  • Page 620: The Schedule Summary Screen

    To delete a schedule, click the Remove icon next to the schedule. The web configurator confirms that you want to delete the schedule before doing so. Section 38.2.1 on page 621 for more information as well.
  • Page 621: The One-Time Schedule Add/Edit Screen

    Click OK to save your changes back to the ZyWALL. Cancel: Click Cancel to exit this screen without saving your changes. (Section 38.2 on page ...)
  • Page 622: The Recurring Schedule Add/Edit Screen

    The Hour and Minute fields are both required. To set all day (24 hours), configure the stop hour to 23 and minute to 59. Weekly: ... (Section 38.2 on page ...)
  • Page 623 Select each day of the week the recurring schedule is effective. Click OK to save your changes back to the ZyWALL. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 625: AAA Server

    In essence, RADIUS authentication allows you to validate a large number of users from a central location. (Chapter 40 on page ...)
  • Page 626: ASAS

    You create and store user profile and login information on the external server. • RADIUS (Section 39.2.1 on ...) (Section 39.4 on page 631) to configure ...
  • Page 627: Active Directory Or LDAP Default Server Screen

    A base DN specifies a directory. A base DN usually contains information such as the name of an organization, a domain name and/or country. For example, o=MyCompany, c=UK where o means organization and c means country. ... for an example of how to set up user authentication using a Sprint ...
  • Page 628: Configuring Active Directory Or LDAP Default Server Settings

    AD or LDAP server. In this case, user authentication fails. The search timeout occurs when either the user information is not in the LDAP server or the server is down. ... zywallAdmin as the user name.
  • Page 629: Active Directory Or LDAP Group Summary Screen

    Click Object > AAA Server > Active Directory (or LDAP) > Group to display the Active Directory (or LDAP) > Group screen. Click the Add icon or an Edit icon to display the configuration fields.
  • Page 630: Figure 466 Object > AAA Server > Active Directory (or LDAP) > Group > Add

    Specify the URI (Uniform Resource Identifier) of an AD or LDAP server. You can enter the IP address (in dotted decimal notation) or the fully qualified domain name (FQDN; up to 63 alphanumerical characters) of the AD or LDAP server. ... o=ZyXEL, c=US as the user name.
  • Page 631: Configuring A Default RADIUS Server

    Search timeout occurs when either the user information is not in the RADIUS server or the RADIUS server is down. Apply: Click Apply to save the changes. Reset: Click Reset to start configuring this screen again.
  • Page 632: Configuring A Group Of RADIUS Servers

    Click Object > AAA Server > RADIUS > Group to display the RADIUS > Group screen. Click the Add icon or an Edit icon to display the configuration fields. Figure 469 Object > AAA Server > RADIUS > Group > Add
  • Page 633: Table 216 Object > AAA Server > RADIUS > Group > Add

    Click Add to add a new RADIUS server. You can add up to four RADIUS member servers. Click Delete to remove a RADIUS server. Click OK to save the changes. Cancel: Click Cancel to discard the changes.
  • Page 635: Authentication Method

    3 Select Server Mode and select an authentication method object from the drop-down list box. 4 Click OK to save the settings. (Section 40.2 on page 636) to view authentication ... (Section 40.3 on page ...)
  • Page 636: Viewing Authentication Method Objects

    Method List: This field displays the authentication method(s) for this entry. Add icon: Click Add to add a new entry. Click Edit to edit the settings of an entry. Click Delete to remove an entry.
  • Page 637: Creating An Authentication Method Object

    You can NOT select two server objects of the same type. 7 Click OK to save the settings or click Cancel to discard all changes and return to the previous screen. Figure 472 Object > Auth. Method > Add
  • Page 638: Table 218 Object > Auth. Method > Add

    Click Edit to edit the settings of an entry. Click Delete to delete an entry. Click OK to save the changes. Cancel: Click Cancel to discard the changes. (Chapter 39 on page 625 for more information).
  • Page 639: Certificates

    4 Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the ... (Section 41.2 on page 642)
  • Page 640 A PKCS #7 file is used to transfer a public key certificate. The private key is not included. The ZyWALL currently allows the importation of a PKCS #7 file that contains a single certificate.
  • Page 641: Verifying A Certificate

    3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. ... for related information on these screens. ... for certificate background information.
  • Page 642: The My Certificates Screen

    When the storage space is almost full, you should consider deleting expired or unnecessary certificates before adding more certificates. This field displays the certificate index number. The certificates are listed in alphabetical order.
  • Page 643: The My Certificates Add Screen

    Click Object > Certificate > My Certificates and then the Add icon to open the My Certificates Add screen. Use this screen to have the ZyWALL create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request.
  • Page 644: Figure 476 Object > Certificate > My Certificates > Add

    @ symbol, periods and the underscore. Identify the organizational unit or department to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore.
  • Page 645 Fields: Enrollment Protocol, CA Server Address, CA Certificate. Description: Identify the company or group to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore.
  • Page 646: The My Certificates Edit Screen

    For the reference number, use 0 to 99999999. For the key, use up to 31 of the following characters: a-zA-Z0-9;|`~!@#$%^&*()_+\{}':,./<>=- Click OK to begin certificate or certification request generation. Click Cancel to quit and return to the My Certificates screen.
  • Page 647: Figure 477 Object > Certificate > My Certificates > Edit

    “Not trusted” in this field if any certificate on the path has expired or been revoked. Refresh: Click Refresh to display the certification path. Certificate Information: These read-only fields display detailed information about the certificate.
  • Page 648 You can copy and paste a certificate into an e-mail to send to friends or colleagues or you can copy and paste a certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example).
  • Page 649: The My Certificates Import Screen

    The certificate you import replaces the corresponding request in the My Certificates screen. You must remove any spaces from the certificate’s filename before you can import it. Figure 478 Object > Certificate > My Certificates > Import
  • Page 650: The Trusted Certificates Screen

    With self-signed certificates, this is the same information as in the Subject field. This field displays the date that the certificate becomes applicable.
  • Page 651: The Trusted Certificates Edit Screen

    ZyWALL to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
  • Page 652: Figure 480 Object > Certificate > Trusted Certificates > Edit

    (along with the end entity’s own certificate). The ZyWALL does not trust the end entity’s certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.
  • Page 653 Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsa-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).
  • Page 654: The Trusted Certificates Import Screen

    Save. Click OK to save your changes back to the ZyWALL. You can only change the name. Click Cancel to quit and return to the Trusted Certificates screen.
  • Page 655: Certificates Technical Reference

    ZyWALL only gets information on the certificates that it needs to verify, not a huge list. When the ZyWALL requests certificate status information, the OCSP server returns an “expired”, “current” or “unknown” response.
  • Page 657: SSL Application

    42.1.3 Example: Specifying a Web Site for Access. This example shows you how to create a web-based application for an internal web site. The address of the web site is http://info with web page encryption. (Section 42.2 on page 658) to view the ZyWALL’s ...
  • Page 658: The Ssl Application Screen

    To add an object, click the Add icon at the top of the column. To edit an object, click the Edit icon next to the object. To delete an object, click the Remove icon next to the object. ...
  • Page 659: Creating/Editing A Web-Based Ssl Application Object

    If a link contains a file that is not within this domain, then remote users cannot access Preview Click Preview to access the URL you specified in a new IE web browser. when you click Apply. The ZyWALL will also automatically delete the space(s).
  • Page 660: Creating/Editing A File Sharing Ssl Application Object

    Select File Sharing to create a file share application for VPN SSL. File Sharing Name Enter a descriptive name to identify this object. You can enter up to 31 characters (“0-9”, “a-z”, “A-Z”, “-” and “_”). ...
  • Page 661 Click Cancel to discard the changes and return to the main SSL Application Configuration screen. You must then configure the shared folder on the file server for remote access. Refer to the document that comes with your file server. Chapter 42 SSL Application ...
  • Page 663: System

    System (665)
  • Page 665: System

    • Connect an external serial modem to the AUX port to provide a management connection in case the ZyWALL’s other WAN connections are down. Use the System > Dial-in Mgmt. screen (Figure 524 on page System (Figure 486 on page 666) to configure a unique...
  • Page 666: Host Name

    ZyWALL get the date and time from a time server. (Figure 525 on page 701) to allow your ZyWALL to be managed (Figure 526 on page 702) to set a language for the ...
  • Page 667: Figure 487 System > Date And Time

    Address Enter the IP address or URL of your time server. Check with your ISP/network administrator if you are unsure of this information. When the ZyWALL starts up. When you click Apply or Synchronize Now in this screen.
  • Page 668: Pre-Defined Ntp Time Servers List

    For example, if you set this field to 3.5, a log that occurred at 6 P.M. in local official time will appear as if it had occurred at 10:30 P.M. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh. ...
  • Page 669: Time Server Synchronization

    4 As an option you can select the Enable Daylight Saving check box to adjust the ZyWALL clock for daylight savings. 5 Under Time and Date Setup, enter a Time Server Address (Table 231 on page 669). 6 Click Apply. Chapter 43 System
  • Page 670: Console Port Speed

    NOT the Console in the ZyWALL web configurator Status screen. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh. See Table 2 on page 55 for default...
  • Page 671: Configuring The Dns Screen

    The ZyWALL uses this default record if the domain zone that needs to be resolved does not match any of the other domain zone forwarder records. See Table 234 on page 674...
  • Page 672 This is the object name of the IP address(es) with which the computer is allowed or denied to send DNS queries. See Table 235 on page 675 and Table 236 on page 675 for information on the fields. ...
  • Page 673: Address Record

    43.5.5 Adding an Address/PTR Record Click the Add icon in the Address/PTR Record table to add an address/PTR record. Figure 491 System > DNS > Address/PTR Record Edit See Table 237 on page 676 for information on the fields.
  • Page 674: Domain Zone Forwarder

    Underscores are not allowed. Enter the IP address of the host in dotted decimal notation. Click OK to save your customized settings and exit this screen. Click Cancel to exit this screen without saving ...
  • Page 675: Mx Record

    Enter the domain name where the mail is destined for. IP Address/FQDN Enter the IP address or fully qualified domain name of a mail server that handles the mail for the domain specified in the field above. ...
  • Page 676: Adding A Dns Service Control Rule

    WAN. HTTPS and SSH access are secure. HTTP, Telnet, and dial-in management access are not secure. Click OK to save your customized settings and exit this screen. Click Cancel to exit this screen without saving ...
  • Page 677: Service Access Limitations

    Each user is also forced to log in to the ZyWALL for authentication again when the reauthentication time expires. You can change the timeout settings in the User/Group screens. for related information on these screens. for more on To-ZyWALL firewall rules.
  • Page 678: Https

    2 HTTP connection requests from a web browser go to port 80 (by default) on the ZyWALL’s web server. Figure 496 HTTP/HTTPS Implementation If you disable HTTP in the WWW screen, then the ZyWALL blocks all HTTP connection attempts. See Chapter 41 on page 639 for more...
  • Page 679: Configuring Www

    Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the ZyWALL web configurator using secure HTTPS connections. ...
  • Page 680 ZyWALL (to log into SSL VPN for example). You can also specify the IP addresses from which the users can access the ZyWALL. See Section 43.6.6.5 on page 684 on importing... See Table 239 on page 682 for information on the fields.
  • Page 681: Service Control Rules

    Click Add or Edit in the Service Control table in a WWW, SSH, Telnet, FTP or SNMP screen to add a service control rule. Figure 498 System > Service Control Rule Edit See Table 239 on page 682 for information on the fields.
  • Page 682: Https Example

    You see the following Security Alert screen in Internet Explorer. Select Yes to proceed to the web configurator login screen; if you select No, then web configurator access is blocked. Figure 499 Security Alert Dialog Box (Internet Explorer) ...
  • Page 683: Figure 500 Security Certificate 1 (Netscape)

    • The issuing certificate authority of the ZyWALL’s HTTPS server certificate is not one of the browser’s trusted certificate authorities. The issuing certificate authority of the ZyWALL's factory default certificate is the ZyWALL itself since the certificate is a self-signed certificate. ...
  • Page 684: Figure 502 Login Screen (Internet Explorer)

    ZyWALL’s Trusted CA web configurator screen). Figure 503 ZyWALL Trusted CA Screen The CA sends you a package containing the CA’s trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). See page 825 for details. ...
  • Page 685: Figure 504 Ca Certificate Example

    Double-click the personal certificate given to you by the CA to produce a screen similar to the one shown next. 1 Click Next to begin the wizard. ...
  • Page 686: Figure 505 Personal Certificate Import Wizard 1

    2 The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. Figure 506 Personal Certificate Import Wizard 2 3 Enter the password given to you by the CA. ...
  • Page 687: Figure 507 Personal Certificate Import Wizard 3

    Place all certificates in the following store and choose a different location. Figure 508 Personal Certificate Import Wizard 4 5 Click Finish to complete the wizard and begin the import process. ...
  • Page 688: Figure 509 Personal Certificate Import Wizard 5

    2 When Authenticate Client Certificates is selected on the ZyWALL, the following screen asks you to select a personal certificate to send to the ZyWALL. This screen displays even if you only have a single certificate as in the example. ...
  • Page 689: Ssh

    In the following figure, computer A on the Internet uses SSH to securely connect to the WAN port of the ZyWALL for a management session. ...
  • Page 690: How Ssh Works

    After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. ...
  • Page 691: Ssh Implementation On The Zywall

    Certificate Select the certificate whose corresponding private key is to be used to identify the ZyWALL for SSH connections. You must have certificates already configured in the My Certificates screen (Click My Certificates and see details). See Chapter 41 on page 639...
  • Page 692: Secure Telnet Using Ssh Examples

    3 A window displays prompting you to store the host key in your computer. Click Yes to continue. Figure 517 SSH Example 1: Store Host Key Enter the password to log in to the ZyWALL. The CLI screen displays next. See Table 239 on page 682 for information on the fields. ...
  • Page 693: Telnet

    Click System > TELNET to configure your ZyWALL for remote Telnet access. Use this screen to specify from which zones Telnet can be used to manage the ZyWALL. You can also specify from which IP addresses the access can come. ...
  • Page 694: Ftp

    FTP client. Please see Chapter 44 on page 705 for more information about firmware and configuration files. See Table 239 on page 682 for information on the fields. ...
  • Page 695: Configuring Ftp

    Action This displays whether the computer with the IP address specified above can access the ZyWALL zone(s) configured in the Zone field (Accept) or not (Deny). See Chapter 41 on page 639...
  • Page 696: Snmp

    SNMP management operation. Figure 522 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. See Table 239 on page 682 for information on the fields. ...
  • Page 697: Supported Mibs

    Table 243 SNMP Traps
    OBJECT LABEL | OBJECT ID | DESCRIPTION
    Cold Start | 1.3.6.1.6.3.1.1.5.1 | This trap is sent when the ZyWALL is turned on or an agent restarts.
    linkDown | 1.3.6.1.6.3.1.1.5.3 | This trap is sent when the Ethernet link is down.
    linkUp | ...
    authenticationFailure | ...
  • Page 698: Configuring Snmp

    This is the object name of the IP address(es) with which the computer is allowed or denied to access. Action This displays whether the computer with the IP address specified above can access the ZyWALL zone(s) configured in the Zone field (Accept) or not (Deny). ...
  • Page 699: Dial-In Management

    43.11.1 Configuring Dial-in Mgmt Click System > Dial-in Mgmt to display the following screen. Configure this screen for dial-in management connections. See Table 239 on page 682 for information on the fields.
  • Page 700: Vantage Cnm

    Note: Consult the manual of your external serial modem connected to your ZyWALL’s auxiliary port for specific AT commands. Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh. ...
  • Page 701: Figure 525 System > Vantage Cnm

    Vantage CNM server’s certificate. In order to do this you need to import the Vantage CNM server’s public key (certificate) into the ZyWALL’s trusted certificates. Vantage Certificate Select the Vantage CNM server’s certificate. This applies when you enable HTTPS authentication. ...
  • Page 702: Language Screen

    Click Apply to save your changes back to the ZyWALL. Click Reset to begin configuring this screen afresh. ...
  • Page 703: Maintenance, Troubleshooting, & Specifications

    Maintenance, Troubleshooting, & Specifications File Manager (705) Logs (715) Reports (727) Diagnostics (741) Reboot (743) Troubleshooting (745) Product Specifications (749)
  • Page 705: File Manager

    When you run a shell script, the ZyWALL only applies the commands that it contains. Other settings do not change. Section 44.2 on page 707) to store and name Section 44.3 on page...
  • Page 706: Figure 527 Configuration File / Shell Script: Example

    “!” to have the ZyWALL exit sub command mode. Shell Scripts (.zysh) • Goes into CLI Privilege mode. • Runs the commands in the shell script. Figure 527 on page 706 as a shell script because the first ...
  • Page 707: The Configuration File Screen

    Use the Configuration File screen to store, run, and name configuration files. You can also download configuration files from the ZyWALL to your computer and upload configuration files from your computer to the ZyWALL. Chapter 44 File Manager setenv stop-...
  • Page 708: Figure 528 Maintenance > File Manager > Configuration File

    Figure 528 Maintenance > File Manager > Configuration File Do not turn off the ZyWALL while configuration file upload is in progress. command. The ZyWALL ignores any errors in the setenv-...
  • Page 709: Figure 529 Maintenance > File Manager > Configuration File > Copy

    The ZyWALL does not have to restart in order to use a different configuration file, although you will need to wait for a few minutes while the system reconfigures. ...
  • Page 710: The Firmware Package Screen

    See the CLI Reference Guide for how to determine if you need to recover the firmware and how to recover it. Find the firmware package at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, “zywall.bin”. ...
  • Page 711: Figure 531 Maintenance > File Manager > Firmware Package

    After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyWALL again. Figure 532 Firmware Upload In Process See Section 28.2.1 on page 473 for more on the anti-virus...
  • Page 712: The Shell Script Screen

    ZyWALL restarts. You could use multiple write commands in your scripts. If you do not use the write commands in a long script. Figure 535 Maintenance > File Manager > Shell Script ...
  • Page 713: Figure 536 Maintenance > File Manager > Shell Script > Copy

    ZyWALL. File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. ...
  • Page 714 Table 251 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .zysh file you want to upload. Upload Click Upload to begin the upload process. This process may take up to several minutes. ...
  • Page 715: Logs

    You can also look at the debugging log by selecting Debug Log. All debugging messages have the same priority. To access this screen, click Maintenance > View Log. The log is displayed in the following screen. Appendix A DESCRIPTION 1024 (Section 45.3 on page...
  • Page 716: Figure 538 Maintenance > Log > View Log

    If a match is found in any field, the log message is displayed. You can use up to 63 alphanumeric characters and the underscore, as well as punctuation marks ()’ ,:;?! +-*/= #$% @ ; the period, double quotes, and brackets are not allowed. See Section 45.4.2 on page 719 for more information ...
  • Page 717: Log Setting Screens

    For alerts, the Log Settings tab controls which events generate alerts and where alerts are e-mailed. Chapter 45 Logs Table 255 on page 721) and multiple entries...
  • Page 718: Log Setting Summary

    To activate or deactivate a log, click the Active icon. Make sure you click Apply to save and apply the change. To edit the settings, click the Edit icon next to the associated log. The Log Settings Edit screen appears. See Section 45.4.2 on ... for more information.
  • Page 719: Edit System Log Settings

    The Log Settings Edit screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen (see Section 45.4.1 on page 718), and click the system log Edit icon.
  • Page 720: Figure 540 Maintenance > Log > Log Setting > Edit (System Log)
  • Page 721: Table 255 Maintenance > Log > Log Setting > Edit (System Log)

    (green checkmark) and/or in alerts (yellow exclamation point) for the e-mail settings specified in E-Mail Server 2. The ZyWALL does not e-mail debugging information, even if it is recorded in the System log. Log Consolidation ...
  • Page 722: Edit Remote Server Log Settings

    Message field. Click this to save your changes and return to the previous screen. Click this to return to the previous screen without saving your changes. Section 45.4.1 on page 718), and click...
  • Page 723: Figure 541 Maintenance > Log > Log Setting > Edit (Remote Server)
  • Page 724: Active Log Summary Screen

    (for example, where and how often log information is e-mailed or remote server names). To access this screen, go to the Log Settings Summary screen (see Section 45.4.1 on page 718), and click the Active Log Summary button. ...
  • Page 725: Figure 542 Active Log Summary

    Log Category This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software. See Section 45.4.2 on page...
  • Page 726 If you check one of the check boxes for All Logs, it affects the settings for every category. Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your changes. ...
  • Page 727: Reports

    You use the Traffic Statistics screen to tell the ZyWALL when to start and when to stop collecting information for these reports. You cannot schedule data collection; you have to start and stop it manually in the Traffic Statistics screen. Section 46.2 on page 727) to start or stop data Section 46.3 on page...
  • Page 728: Figure 543 Maintenance > Report > Traffic Statistics

    Web Site Hits - displays the most-visited Web sites and how many times each one has been visited. Each type of report has different information in the report (below). Refresh Click this button to update the report display. Table 259 on page ...
  • Page 729 HTTP GET packets. Many Web sites have HTTP GET references to other Web sites, and the ZyWALL counts these as hits too. The count starts over at zero if the number of hits passes the hit count limit. See Table 259 on page 730.
  • Page 730: The Session Screen

    To access this screen, log in to the web configurator. When the main screen appears, click Maintenance > Report > Session. The following screen appears. bytes; this is just less than 17 million terabytes. hits; this is over 1.8 x 10 hits. ...
  • Page 731: Figure 544 Maintenance > Report > Session

    Select the number of active sessions displayed on each page. You can use the page arrow keys on the right to change pages. Chapter 46 Reports See Chapter 37 on page 613 for more...
  • Page 732: The Anti-Virus Report Screen

    Click Reset to begin configuring this screen afresh. Refresh Click this button to update the report display. Flush Data Click this button to discard all of the screen’s statistics and update the report display. ...
  • Page 733: The Idp Report Screen

    Figure 547 Maintenance > Report > Anti-Virus: Destination 46.5 The IDP Report Screen Click Maintenance > Report > IDP to display the following screen. This screen displays IDP (Intrusion Detection and Prevention) statistics. ...
  • Page 734: Figure 548 Maintenance > Report > Idp: Signature Name

    Click the hyperlink for more detailed information on the intrusion. Type This column displays when you display the entries by Signature Name. It shows the categories of intrusions. See Table 157 on page 493 for more information. ...
  • Page 735: The Anti-Spam Report Screen

    Figure 550 Maintenance > Report > IDP: Destination 46.6 The Anti-Spam Report Screen Click Maintenance > Report > Anti-Spam to display the following screen. This screen displays spam statistics. See Table 156 on page 492 for more...
  • Page 736: Figure 551 Maintenance > Report > Anti-Spam: Sender Ip

    DNSBLs that the ZyWALL uses. DNSBL Timeout This is how many queries were sent to the ZyWALL’s configured list of DNSBL domains and did not receive a response in time. ...
  • Page 737: The Email Daily Report Screen

    46.7 The Email Daily Report Screen Click Maintenance > Report > Email Daily Report to display the following screen. Configure this screen to have the ZyWALL e-mail you system statistics every day. ...
  • Page 738: Figure 552 Maintenance > Report > Email Daily Report

    SMTP Authentication Select this check box if it is necessary to provide a user name and password to the SMTP server. User Name This box is effective when you select the SMTP Authentication check box. Type the user name to provide to the SMTP server when the log is e-mailed. ...
  • Page 739 Counters Click this to discard all report data and start all of the counters over at zero. Apply Click Apply to save your changes back to the ZyWALL. Reset Click Reset to begin configuring this screen afresh. ...
  • Page 741: Diagnostics

    Last modified Size Collect Now Download DESCRIPTION This is the name of the most recently created diagnostic file. This is the date and time that the last diagnostic file was created. The format is yyyy-mm-dd hh:mm:ss.
  • Page 743: Reboot

    If the login screen does not appear, type the IP address of the device in your Web browser. You can also use the CLI command to restart the ZyWALL. (Section 49.1 on page 748) reset returns the device to its...
  • Page 745: Troubleshooting

    • If you set up a VPN tunnel across the Internet, make sure your ISP supports AH or ESP (whichever you are using). See Chapter 20 on page 351.
  • Page 746 Destroy compressed files that could not be decompressed option while you download the firmware package. See Section 28.2.1 on page 473 for more on the anti-virus Destroy compressed files that could not be decompressed option. for examples.
  • Page 747 APN and dial plan if you had to enter them). 7 Make sure your ZyWALL is within the transmission range of the cellular base station. See Table 301 on page 805 for descriptions of the different statuses.
  • Page 748: Resetting The Zywall

    3 Release the RESET button, and wait for the ZyWALL to restart. You should be able to access the ZyWALL using the default settings. 49.2 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for more troubleshooting suggestions. Chapter 48 on ...
  • Page 749: Product Specifications

    Extension Card Slot Compatible PCMCIA Cards Power Requirements Operating Environment Storage Environment MTBF Dimensions Weight SPECIFICATION 192.168.1.1 255.255.255.0 (24 bits) 1234 SPECIFICATION Number of Ethernet interfaces: 7 All Ethernet interfaces are Gigabit Ethernet, full duplex RJ-45...
  • Page 750: Table 268 Feature Specifications

    512 up to 8 per PR rule up to 8 per PR rule up to interface limit 1,400 1000 USG 100 4 per interface 20,000 up to 256 up to interface limit...
  • Page 751 Maximum Number of DHCP Network Pools Maximum DHCP Host Pool Maximum Number of DDNS Profiles DHCP Relay CENTRALIZED LOG Log Entries Debug Log Entries Chapter 50 Product Specifications USG 200 USG 100 128 K 64 K 16 per service...
  • Page 752 128 per profile 128 per profile 128 per profile 128 per profile 128 per profile 128 per profile 2048 1024 50 ZIP files 30 ZIP files 8 RAR-LZSS or 1 4 RAR-LZSS or 1 RAR-PPM RAR-PPM ...
  • Page 753: Table 269 Standards Referenced By Features

    Used by SSH service Used by Time service Used by Telnet service Used by SIP ALG DHCP relay ZySH USG 200 USG 100 2 without a license 2 without a license...
  • Page 754: Or Wlan Pcmcia Card Installation

    Figure 555 WLAN Card Installation 50.3 Power Adaptor Specifications Table 270 North American Plug Standards AC POWER ADAPTOR MODEL INPUT POWER OUTPUT POWER STANDARDS REFERENCED RFC 791 RFC 793 PSA18R-120P (ZA)-R 100-240VAC, 50/60HZ, 0.5A 12VDC, 3.5A ...
  • Page 755: Table 271 European Plug Standards

    Table 275 China Plug Standards AC POWER ADAPTOR MODEL INPUT POWER OUTPUT POWER POWER CONSUMPTION SAFETY STANDARDS 20 W MAX. UL, CUL (UL 60950-1 FIRST EDITION CSA C22.2 NO. 60950-1-03 1ST.) PSA18R-120P (ZE)-R 100-240VAC, 50/60HZ, 0.5A...
  • Page 757: Appendices And Index

    Appendices and Index Common Services (815) Displaying Anti-Virus Alert Messages in Windows (819) Open Software Announcements (845) Legal Information (873) Customer Support (877) Index (883)
  • Page 759: Appendix A Log Descriptions

    %s: Service is not registered Table 278 Blocked Web Site Logs LOG MESSAGE %s :%s %s: Unrated DESCRIPTION An administrator turned the content filter on. An administrator turned the content filter off. DESCRIPTION The device allowed access to a web site in a trusted domain.
  • Page 760: Table 279 Anti-Spam Logs

    %s: website host DESCRIPTION The anti-spam feature has been turned on. The anti-spam feature has been turned off. The anti-spam policy with the specified index number (%d) has been changed. ...
  • Page 761 DNSBL domain %s has been added. DNSBL domain %s has been modified to %s. Appendix A Log Descriptions DESCRIPTION The anti-spam policy with the specified index number (%d) has been added into the list.
  • Page 762: Table 280 Ssl Vpn Logs

    The listed address object (first %s) is not an allowed IP for the listed SSL policy (second %s). There are no more assignable IP addresses in the listed address object (first %s). The address object is used by the listed SSL policy (second %s). ...
  • Page 763 VPN policy %s. So %s will not be injected to client side. DESCRIPTION The listed address object (first %s) is not the right kind for the first DNS server specified in the listed SSL VPN policy (second %s).
  • Page 764 An SSL VPN login attempt from the listed user (%s) was blocked due to too many failed login attempts. The listed user (%s) failed to log into SSL VPN because the maximum number of users were already logged in. ...
  • Page 765: Table 281 L2Tp Over Ipsec Logs

    User has been denied from L2TP service. (address pool exhausted) DESCRIPTION The listed user (%s) failed to log into SSL VPN because the maximum number of simultaneous logons was already reached. The listed user (%s) failed to log into SSL VPN because of entering an incorrect password or a user name that does not exist.
  • Page 766: Table 282 Zysh Logs

    1st:zysh group name, 2nd:zysh group name 1st:max group num 1st:zysh group name, 2nd:zysh entry name 1st:zysh group name, 2nd:zysh entry name 1st:zysh entry name 1st:zysh entry name 1st:zysh entry name 1st:zysh entry name 1st:zysh list name ...
  • Page 767 %s: apply failed at initial stage! %s: apply failed at main stage! %s: apply failed at closing stage! DESCRIPTION 1st:zysh entry index 1st:zysh list name 1st:zysh entry name 1st:zysh entry name...
  • Page 768: Table 283 Adp Logs

    DESCRIPTION The ZyWALL failed to initialize the anti-virus signatures due to an internal error. The ZyWALL failed to reload the anti-virus signatures due to an internal error. ...
  • Page 769 AV signature update has failed. (Memory not enough) AV signature size is over system limitation DESCRIPTION The ZyWALL failed to reload the anti-virus signatures due to an internal error. The ZyWALL’s anti-virus feature detected a virus-infected file.
  • Page 770 1st %s: The file pattern. 2nd %s: The white list or black list. An anti-virus file pattern white list or black list was turned on or off. 1st %s: The white list or black list. 2nd %s: Activated/deactivated. ...
  • Page 771: Table 285 User Logs

    Failed login attempt to ZyWALL from %s (reach the max. number of user) ZyWALL USG 100/200 Series User’s Guide Appendix A Log Descriptions DESCRIPTION File decompression failed due to an internal error. 1st %s: The protocol of the packet.
  • Page 772: Table 286 Myzyxel.com Logs

    2nd %s: error message returned by the myZyXEL.com server Trail service was activated successfully for the specified service. %s: service name The device received an incomplete response from the myZyXEL.com server and it caused a parsing error for the device. ZyWALL USG 100/200 Series User’s Guide...
  • Page 773 Change Anti-Virus engine has failed:%s. Change Anti-Virus engine has succeeded. ZyWALL USG 100/200 Series User’s Guide DESCRIPTION Standard service activation failed, this log will append an error message returned by the MyZyXEL.com server. %s: error message returned by the myZyXEL.com server Standard service activation has succeeded.
  • Page 774 Some information was missing in the packets that the device sent to the server. The device started an IDP signature update. The device successfully downloaded an IDP signature file. The device successfully downloaded and applied an IDP signature file. ZyWALL USG 100/200 Series User’s Guide...
  • Page 775 Expiration daily- check will trigger PPP interface. Do self- check. ZyWALL USG 100/200 Series User’s Guide DESCRIPTION The device still cannot download the IDP signature after 3 retries. The device successfully downloaded an anti-virus signature file. The device successfully downloaded and applied an anti-virus signature file.
  • Page 776 The header format of a packet returned by a server is wrong. After the device sent packets to a server, the device did not receive any response from the server. The root cause may be a network delay issue. ZyWALL USG 100/200 Series User’s Guide...
  • Page 777: Table 287 Idp Logs

    Custom signature add error: sid <sid>, <error_message>. ZyWALL USG 100/200 Series User’s Guide DESCRIPTION The file size downloaded for AS is not identical with content-length Device can't parse the HTTP header in a response returned by a server. Maybe some HTTP headers are missing.
  • Page 778 An attempt to update the IDP signatures failed. Rebuilding of the IDP device HA synchronized file failed. An IDP signature update succeeded. The previous and updated IDP signature versions are listed. ZyWALL USG 100/200 Series User’s Guide...
  • Page 779 IDP system-protect signature update failed. Invalid IDP config file. ZyWALL USG 100/200 Series User’s Guide Appendix A Log Descriptions DESCRIPTION An update of the IDP system-protect signatures succeeded. The previous and updated signature versions are listed. The IDP system-protect function had an error. Creation of the IDP debug directory failed.
  • Page 780 When the ZyWALL started it could not find the IDP signature file. See the CLI reference guide for how to restore the default system database. The IDP signature set is too large (exceeds the ZyWALL’s system limitation). ZyWALL USG 100/200 Series User’s Guide...
  • Page 781: Table 288 Application Patrol

    Rule %s:%s has been removed. System fatal error: 60011001. ZyWALL USG 100/200 Series User’s Guide Appendix A Log Descriptions EXPLANATION Common packet logging. 1st %s: Protocol Name, 2nd %s: "port- less" or "port-base", 3rd %s: Rule Index, 4th %s: "forward", "drop" or "reject".
  • Page 782: Table 289 Ike Logs

    When selecting a matched proposal, some protocol was given more than once. When selecting a matched proposal in phase-1 or phase-2, so proposal was selected. %s is the tunnel name. When negotiating Phase-1, the authentication algorithm did not match. ZyWALL USG 100/200 Series User’s Guide...
  • Page 783 INFO Cannot resolve My IP Addr %s for Tunnel [%s] ZyWALL USG 100/200 Series User’s Guide DESCRIPTION %s is the tunnel name. When negotiating Phase-1, the authentication method did not match. %s is the tunnel name. When negotiating Phase-1, the encryption algorithm did not match.
  • Page 784 %s is the tunnel name. The phase-2 tunnel negotiation is complete. %s is the tunnel name. When negotiating phase-1, the pre-shared key did not match. %s is the tunnel name. The device received an IKE request. ZyWALL USG 100/200 Series User’s Guide...
  • Page 785 Tunnel [%s:0x%x] is disconnected Tunnel [%s] rekeyed successfully ZyWALL USG 100/200 Series User’s Guide DESCRIPTION %s is the tunnel name. The device sent an IKE request. %s is the tunnel name. When IKE request is already sent but still attempting to dial a tunnel.
  • Page 786: Table 290 Ipsec Logs

    3rd is the to zone, 4th is the service name, 5th is ACCEPT/DROP/ REJECT. Firewall is dead, trace to %s is which file, %d is which line, %s is which function %s is enabled/disabled ZyWALL USG 100/200 Series User’s Guide...
  • Page 787: Table 292 Sessions Limit Logs

    ZyWALL USG 100/200 Series User’s Guide DESCRIPTION 1st %d is the old global index of rule, 2nd %d is the new global index of rule %d is the global index of rule...
  • Page 788: Table 294 Built-In Services Logs

    %u.%u.%u.%u is IP address %s is HTTP/HTTPS/SSH/SNMP/FTP/TELNET An administrator assigned a nonexistent certificate to HTTPS. %s is certificate name assigned by user An administrator changed the port number for HTTPS. %s is port number ZyWALL USG 100/200 Series User’s Guide...
  • Page 789 DHCP Server on Interface %s will not work due to Device HA status is Stand-By ZyWALL USG 100/200 Series User’s Guide DESCRIPTION An administrator changed the port number for HTTPS back to the default (443). An administrator changed the port number for HTTP.
  • Page 790 An administrator moved the rule %u to index %d. %u is previous index %d variable is current index The default record DNS servers is more than 128. Ping check ok, add DNS servers in bind. %s is interface name ZyWALL USG 100/200 Series User’s Guide...
  • Page 791: Table 295 System Logs

    Table 295 System Logs LOG MESSAGE Port %d is up!! Port %d is down!! ZyWALL USG 100/200 Series User’s Guide DESCRIPTION Ping check failed, remove DNS servers from bind. %s is interface name Ping check disabled, add DNS servers in bind.
  • Page 792 The device received an ARP response from an unknown client. The device received the specified total number of ARP response packets for the requested IP address. The ARP cache was cleared successfully. A client MAC address is not an Ethernet address. ZyWALL USG 100/200 Series User’s Guide...
  • Page 793 Update the profile %s has failed because of authentication fail. ZyWALL USG 100/200 Series User’s Guide DESCRIPTION The device received a DHCP request through the specified interface. IP conflict was detected. Send back DHCP-NAK. Clear ARP cache done.
  • Page 794 If the DDNS profile's IP select type is iface, it needs a WAN iface, %s is the profile name. The profile is paused by device-HA, because the VRRP status of that iface is standby, %s is the profile name. ZyWALL USG 100/200 Series User’s Guide...
  • Page 795 DDNS profile %s has been renamed as %s. DDNS profile %s has been deleted. ZyWALL USG 100/200 Series User’s Guide DESCRIPTION DDNS profile cannot be updated for WAN IP because WAN iface is link-down, %s is the profile name. DDNS profile cannot be updated for WAN IP because WAN iface is PPP and not connected, %s is the profile name.
  • Page 796: Table 296 Connectivity Check Logs

    The connectivity check process can't get interface configuration. %s: interface name The connectivity check process can't get remote address of PPP interface %s: interface name The connectivity check process can't get netmask address of interface. %s: interface name ZyWALL USG 100/200 Series User’s Guide...
  • Page 797: Table 297 Device Ha Logs

    Master configuration is the same with Backup. Skip updating %s file not existed, Skip syncing it for %s ZyWALL USG 100/200 Series User’s Guide DESCRIPTION The connectivity check process can't get broadcast address of interface %s: interface name The connectivity check process can't use multicast address to check link-status.
  • Page 798 Backup and the Master. %s: The name of the VRRP group. A VRRP group’s Simple String (Md5) configuration may not match between the Backup and the Master. %s: The name of the VRRP group. ZyWALL USG 100/200 Series User’s Guide...
  • Page 799: Table 298 Routing Protocol Logs

    RIP on all interfaces have been stopped Invalid RIP md5 authentication ZyWALL USG 100/200 Series User’s Guide DESCRIPTION A VRRP group’s AH String (IPSec AH) configuration may not match between the Backup and the Master. %s: The name of the VRRP group.
  • Page 800 RIP text authentication key has been deleted. RIP md5 authentication id and key have been deleted. RIP global version has been deleted. RIP redistribute OSPF routes has been disabled. RIP redistribute static routes has been disabled. ZyWALL USG 100/200 Series User’s Guide...
  • Page 801 %s. Invalid OSPF text authentication on interface %s. ZyWALL USG 100/200 Series User’s Guide DESCRIPTION RIP v2-broadcast on interface %s has been enabled. %s: Interface Name. RIP send-version on interface %s has been changed to version 1 or 2 or both 1 2.
  • Page 802: Table 299 Nat Logs

    H323 ALG apply additional signal port failed. %d: Port number H323 ALG apply signal port failed. %d: Port number FTP ALG apply additional signal port failed. %d: Port number FTP ALG apply signal port failed. %d: Port number ZyWALL USG 100/200 Series User’s Guide...
  • Page 803: Table 300 Pki Logs

    Import PKCS#12 certificate "%s" into "My Certificate" successfully ZyWALL USG 100/200 Series User’s Guide DESCRIPTION The router created an X509 format certificate with the specified name. The router was not able to create an X509 format certificate with the specified name. See Table 301 on page 805 number.
  • Page 804 An administrator used the wrong password when trying to import a PKCS#12 format certificate. %s is the certificate name. %s is the subject. %d is an error number (see Table 301 on page certificate subject. ZyWALL USG 100/200 Series User’s Guide 805), %s is the...
  • Page 805: Table 301 Interface Logs

    AUX Interface dialing failed. This AUX interface is not enabled. ZyWALL USG 100/200 Series User’s Guide DESCRIPTION An administrator deleted an interface. %s is the interface name. A user tried to dial the AUX interface, but the AUX interface is not enabled.
  • Page 806 MTU - 8), PPP interface may not run correctly because PPP packets will be fragmented by base interface and peer will not receive correct PPP packets.1st %s: Ethernet interface name, 2nd %s: PPP interface name. ZyWALL USG 100/200 Series User’s Guide...
  • Page 807 Interface %s connect failed: PAP authentication failed. ZyWALL USG 100/200 Series User’s Guide DESCRIPTION An administrator set a static gateway in interface but this interface is link down. At this time the configuration will be saved but route will not take effect until the link becomes up.1st %s: interface name, 2nd %s:...
  • Page 808 The SIM card for the cellular device associated with the listed cellular interface (%d) is locked. This may be because the PIN code was entered incorrectly more than three times. You need to enter the PUK code to unlock the SIM card. . ZyWALL USG 100/200 Series User’s Guide...
  • Page 809: Table 302 Wlan Logs

    Interface %s has been configured. Interface %s has been deleted. ZyWALL USG 100/200 Series User’s Guide DESCRIPTION The listed cellular interface (%d) does has the wrong PIN code configured. The ZyWALL could not check the signal strength for the listed cellular interface (%d).
  • Page 810 %s). The MAC address of the wireless client is listed (second %s). There was an error when attempting to extract the EAP-Message from a RADIUS message. The first %s is the WLAN interface. The second %s is the MAC address of the wireless client. ZyWALL USG 100/200 Series User’s Guide...
  • Page 811: Table 303 Account Logs

    Force User Authentication may not work properly! ZyWALL USG 100/200 Series User’s Guide DESCRIPTION A user deleted an ISP account profile. 1st %s: profile type, 2nd %se: profile name. A user changed an ISP account profile’s options.
  • Page 812: Table 306 File Manager Logs

    The ZyWALL could not connect to the SMTP e-mail server (%s). The address configured for the server may be incorrect or there may be a problem with the ZyWALL’s or the server’s network connection. ZyWALL USG 100/200 Series User’s Guide...
  • Page 815: Appendix B Common Services

    AUTH BOOTP_CLIENT BOOTP_SERVER CU-SEEME TCP/UDP User-Defined (IPSEC_TUNNEL) FINGER PORT(S) DESCRIPTION The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. It is also used as a listening port by ICQ.
  • Page 816 This is the data channel. Remote Command Service. 7070 A streaming audio service that enables real time sound over the web. Remote Execution Daemon. Remote Login. Remote Telnet.
  • Page 817 TCP/UDP STRM WORKS SYSLOG TACACS TELNET TFTP VDOLIVE PORT(S) DESCRIPTION The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. Simple File Transfer Protocol.
  • Page 819: Appendix C Displaying Anti-Virus Alert Messages In Windows

    Windows XP 1 Click Start > Control Panel > Administrative Tools > Services. Figure 556 Windows XP: Opening the Services Window 2 Select the Messenger service and click Start.
  • Page 820: Figure 557 Windows XP: Starting The Messenger Service

    3 Close the window when you are done. Windows 2000 1 Click Start > Settings > Control Panel > Administrative Tools > Services. Figure 558 Windows 2000: Opening the Services Window 2 Select the Messenger service and click Start Service.
  • Page 821: Figure 559 Windows 2000: Starting The Messenger Service

    1 Right-click on the program task bar and click Properties. Figure 561 Windows 98 SE: Program Task Bar 2 Click the Start Menu Programs tab and click Advanced ...
  • Page 822: Figure 562 Windows 98 SE: Task Bar Properties

    3 Double-click Programs and click StartUp. 4 Right-click in the StartUp pane and click New, Shortcut. Figure 563 Windows 98 SE: StartUp 5 A Create Shortcut window displays. Enter “winpopup” in the Command line field and click Next.
  • Page 823: Figure 564 Windows 98 SE: Startup: Create Shortcut

    Figure 565 Windows 98 SE: Startup: Select a Title for the Program 7 A shortcut is created in the StartUp pane. Restart the computer when prompted.
  • Page 824: Figure 566 Windows 98 SE: Startup: Shortcut

    The WinPopup window displays after the computer finishes the startup process (see Figure 560 on page 821).
  • Page 825: Appendix D Importing Certificates

    The following example procedure shows how to import the ZyWALL’s (self-signed) server certificate into your operating system as a trusted certification authority. 1 In Internet Explorer, double click the lock shown in the following screen.
  • Page 826: Figure 568 Login Screen

    2 Click Install Certificate to open the Install Certificate wizard. Figure 569 Certificate General Information before Import 3 Click Next to begin the Install Certificate wizard.
  • Page 827: Figure 570 Certificate Import Wizard 1

    4 Select where you would like to store the certificate and then click Next. Figure 571 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard.
  • Page 828: Figure 572 Certificate Import Wizard 3

    6 Click Yes to add the ZyWALL certificate to the root store. Figure 573 Root Certificate Store
  • Page 829: Figure 574 Certificate General Information After Import

  • Page 831: Appendix E Wireless LANs

    A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless clients A and B can still access the wired network but cannot communicate with each other.
  • Page 832: Figure 576 Basic Service Set

    An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate.
  • Page 833: Figure 577 Infrastructure WLAN

    (AP) or wireless gateway, but out of range of each other, so they cannot "hear" each other, that is, they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
  • Page 834: Figure 578 RTS/CTS

    AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference, while you should set a smaller threshold for busy networks or networks that are prone to interference.
  • Page 835: Table 309 IEEE 802.11g

    Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. MODULATION DBPSK (Differential Binary Phase Shift Keying) DQPSK (Differential Quadrature Phase Shift Keying)
  • Page 836: Table 310 Wireless Security Levels

    RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization
  • Page 837: Types Of EAP Authentication

    EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x.
  • Page 838 However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
  • Page 839: Table 311 Comparison Of EAP Authentication Types

    RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. EAP-MD5 EAP-TLS...
  • Page 840 AP and does not need to go through the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connected to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it.
  • Page 841: Figure 579 WPA(2) With RADIUS Application Example

    (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). 2 The AP checks each wireless client's password and allows it to join the network only if the password matches.
  • Page 842: Figure 580 WPA(2)-PSK Authentication

    Enable without Dynamic WEP Key Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable TKIP/AES Enable TKIP/AES Disable TKIP/AES Enable TKIP/AES Disable
  • Page 843: Antenna Characteristics

    The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications.
  • Page 844: Positioning Antennas

    For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area.
  • Page 845: Appendix F Open Software Announcements

    University may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  • Page 846 The University of Delaware makes no representations about the suitability this software for any purpose. It is provided "as is" without express or implied warranty.
  • Page 847 Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: license, but it requires that a copyright notice be...
  • Page 848 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  • Page 849 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
  • Page 850 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. clause, and now allows BSD itself to be used under the three-
  • Page 851 Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
  • Page 852 "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
  • Page 853 (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
  • Page 854 Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
  • Page 855 This Product includes libosip2, libgcgi-0.9.5 and libqsearch 0.8 software under LGPL license. GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc.
  • Page 856 License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.
  • Page 857 Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the
  • Page 858 GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library.
  • Page 859 Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a
  • Page 860 (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy
  • Page 861 FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
  • Page 862 (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
  • Page 863 You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
  • Page 865 Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
  • Page 866 Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Page 867 WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. This Product includes openldap-2.1.10 software under the OpenLDAP License
  • Page 868 License, A 3 clause BSD License, NTP License, Expat License, PPP License, Netkit-telnet License, MIT License. To obtain the source code covered under those Licenses, please contact ZyXEL Communications Corporation at: ZyXEL Technical Support.
  • Page 869 End-User License Agreement for “ZyWALL USG 100 and ZyWALL USG 200” WARNING: ZyXEL Communications Corp. IS WILLING TO LICENSE THE ENCLOSED SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. PLEASE READ THE TERMS CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM.
  • Page 870 EXPORT OF THE SOFTWARE OR INFORMATION ABOUT SUCH SOFTWARE WHICH MAY BE IMPOSED FROM TIME TO TIME. YOU SHALL NOT EXPORT THE SOFTWARE, DOCUMENTATION OR INFORMATION ABOUT THE SOFTWARE AND DOCUMENTATION WITHOUT COMPLYING WITH SUCH LAWS, REGULATIONS,
  • Page 871 License Agreement is found invalid or unenforceable by a court of competent jurisdiction, the remainder of this License Agreement shall be interpreted so as to reasonably effect the intention of the parties.
  • Page 873: Appendix G Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 874: Appendix G Legal Information

    This Class B digital apparatus complies with Canadian standard NMB-003 (ICES-003). Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page.
  • Page 875: ZyXEL Limited Warranty

    Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com.
  • Page 877: Appendix H Customer Support

    • Sales E-mail: sales@zyxel.com.tw • Telephone: +886-3-578-3942 • Fax: +886-3-578-2439 • Web: www.zyxel.com • Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan China - ZyXEL Communications (Beijing) Corp. • Support E-mail: cso.zycn@zyxel.cn • Sales E-mail: sales@zyxel.cn •...
  • Page 878: Appendix H Customer Support

    Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web: www.zyxel.cz • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk •...
  • Page 879 • Sales E-mail: sales@zyxel.kz • Telephone: +7-3272-590-698 • Fax: +7-3272-590-689 • Web: www.zyxel.kz • Regular Mail: ZyXEL Kazakhstan, 43 Dostyk Ave., Office 414, Dostyk Business Centre, 050010 Almaty, Republic of Kazakhstan
  • Page 880 • Support Telephone: +1-800-978-7222 • Sales E-mail: sales@zyxel.com • Sales Telephone: +1-714-632-0882 • Fax: +1-714-632-0858 • Web: www.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
  • Page 881 • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es • Telephone: +34-902-195-420 • Fax: +34-913-005-345 • Web: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 •...
  • Page 882 • Sales E-mail: sales@zyxel.co.uk • Telephone: +44-1344-303044, 0845 122 0301 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK)
  • Page 883: Index

