Scenario 1 - Restricting Bandwidth Management Priority for Traffic 1.1 Application Scenario In an enterprise network, there are various types of traffic. However, most company's Internet bandwidth is limited. All traffic will contend for it and may result in some important traffic, for example.
1.2 Configuration Guide Network conditions: - WAN download bandwidth: 2M - WAN upload bandwidth: 1M Goals to achieve: Restrict FTP download/upload bandwidth to 1000/500 kbps and set priority of FTP traffic to 4 for all users. ZyWALL configuration: Step 1: Configuration > BWM > check “Enable BWM” Step 2: Configuration >...
Page 5
Scenario 2 - Assign IPv6 to your LAN to access remote IPv6 network 2.1 Application Scenario Nowadays, more and more Internet service providers provide IPv6 environment. With IPv6 feature enabled on ZyWALL, it can assign an IPv6 to clients under it and pass IPv6 traffic through IPv4 environment to access remote IPv6 network.
Page 6
ZyWALL Configuration: Step 1: Configuration > System > IPv6 > Click Enable IPv6 Step 2: Setting the static IP on WAN1...
Page 7
Step 3: Setting IPv6 IP address on LAN1 (1) Go to Configuration > Interface > Ethernet > double click LAN1 interface in IPv6 configuration. (2) Convert WAN1 IP address to hexadecimal Check Enable Stateless Address Auto-configuration (SLAAC) box and enter 2002:3b7c:a39b::/64 in the prefix table.
Page 8
Step 4: Enable 6 to 4 tunnel. (1) Go to Configuration > Interface > Tunnel > Click Add button (2) Select the 6to4 in that Tunnel Mode (3) Check the Prefix in the 6tp4 tunnel Parameter (4) Select the WAN1 interface as the gateway in the Gateway Setting After these configuration steps, connect your computer to the device and check that your computer received an IPv6 IP address from tunnel.
Page 9
Scenario 3 – Dialing up L2TP VPN connection to ZyWALL by using iOS/Android mobile device 3.1 Application Scenario Smart phone become increasingly popular with consumers. Though it brings us much more convenience, but also brings security concerns. A ZyWALL is compatible with iOS/Android mobile devices to establish L2TP VPN connection, provide secure and private mobile data transferring no matter if your mobile devices is behind NAT.
Page 11
Step 3: Fill in the needed VPN gateway configuration.
Page 12
Step 4: Click Configuration > VPN > IPSec VPN > VPN Connection to visit the configuration screen to set phase 2 rule Step 5: Click the “Add” button to add a VPN connection rule. Step 6: Fill in the needed VPN connection configuration.
Page 14
Step 7: Click Configuration > VPN > L2TP VPN to visit L2TP VPN configuration screen Step 8: Create a address object for L2TP users Step 9: Fill in the needed L2TP VPN connection configuration.
Page 15
iOS mobile client configuration Step 1: Settings > General > Network > Step 2: Choose the VPN and turn on VPN > Add configuration and insert needed L2TP VPN settings. Secret is the pre-shared key 12345678. Step 3. Go to Monitor > VPN Monitor > L2TP over IPSec to check the L2TP session.
Page 17
Step 3: Select L2TP/IPSec PSK as the type Step 4: Fill in the Pre-shared key 12345678 and fill in the server address. and click “Save”.
Page 18
Step 5: Click on “ZyWALL” to connect to Step 6: Device will show connected when the L2TP VPN. Fill in the L2TP password dial up successfully and click “Connect”. Step 7. Go to Monitor > VPN Monitor > L2TP over IPSec to check the L2TP session.
Page 19
Scenario 4 – One click Setup VPN connection to headquarter 4.1 Application Scenario As an enterprise, employees often have business trip around the world. They might need to access the resource which inside headquarter during trip and it brings secure concerns.
Page 21
Goals to achieve: Provide an easy way for outside users to build up IPSec VPN tunnel by using the ZyWALL IPSec VPN Client for accessing internal resource. ZyWALL configuration Step 1: Click Configuration > Quick setup >VPN Setup Step 2: Select “VPN settings for Configuration Provisioning”...
Page 22
Step 3: Select “Express” (or select “Advance” to define detail settings manually) Step 4: Change Rule Name if needed...
Page 23
Step 5: Fill in Pre-shared key and Local policy Step 6: Check if IPSec VPN configuration correct and save setting...
Page 24
Step 7: Click Configuration > VPN > IPSec VPN > Configuration Provisioning and enable Configuration Provisioning Step 8: Create a provisioning rule for any user...
Page 26
Step 3: Fill in authentication information and click “Next” Step 4: The VPN profile will be downloaded from USG if authentication successful...
Page 27
Step 5: Double left click on the phase 2 profile to dial up IPSec VPN tunnel Step 6: You can reach the internal server...
Page 29
Scenario 5 – Dynamic users communicate with HQ and all branch offices by using auto created VPN routes 5.1 Application Scenario For world-wide enterprises, network communication between each branch and the headquarter office is very important. A VPN concentrator combines several IPSec VPN connections into one secure network for site-to-site VPN and reduces the number of VPN connections that need to be set up and maintained in the network.