Instruction/ maintenance manual of the product unified security gateway ZyXEL Communications
www.zyxel.com
ZyWALL USG 20/20W Unified Security Gateway
Copyright © 2011 ZyXEL Communications Corporation
Version 2.21, Edition 4, 4/2011
Default Login Details: LAN Port P2, P3; IP Address https://192.
About This User’s Guide
ZyWALL USG 20/20W User’s Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL using the Web Configurator.
How To Use This Guide
• Read Chapter 1 on page 29 for an overview of features available on the ZyWALL.
• Web Configurator Online Help: Click the help icon in any screen for help in configuring that screen and supplementary information.
• ZyXEL Web Site: Please refer to www.zyxel.com for additional support documentation and product certifications.
• Forum: This contains discussions on ZyXEL products. Learn from others who use ZyXEL products and share your experiences as well.
Customer Support
Should problems arise that cannot be solved by the methods listed above, you should contact your vendor.
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.
Safety Warnings
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
Contents Overview
User’s Guide (page 27)
Introducing the ZyWALL
Schedules (page 567)
AAA Server
Table of Contents
About This User’s Guide (page 3)
Document Conventions
Chapter 4 Installation Setup Wizard (page 59)
4.1 Installation Setup Wizard Screens
6.5.1 Feature (page 95)
6.5.2 Licensing Registration
7.5 How to Configure User-aware Access Control (page 120)
7.5.1 Set Up User Accounts
8.2.3 The Active Sessions Screen (page 173)
8.2.4 The VPN Status Screen
11.2 Port Role (page 220)
11.3 Ethernet Summary Screen
Chapter 14 Routing Protocols (page 313)
14.1 Routing Protocols Overview
18.2.1 The HTTP Redirect Edit Screen (page 350)
Chapter 19 ALG
23.1 IPSec VPN Overview (page 391)
23.1.1 What You Can Do in this Chapter
27.6 Uninstalling the ZyWALL SecuExtender (page 452)
Chapter 28 Bandwidth Management
31.1 Overview (page 513)
31.2 Viewing Content Filter Reports
35.1 Overview (page 561)
35.1.1 What You Can Do in this Chapter
39.1.2 What You Need to Know (page 589)
39.1.3 Verifying a Certificate
43.4.2 Time Server Synchronization (page 635)
43.5 Console Port Speed
44.2 Email Daily Report (page 679)
44.3 Log Setting Screens
49.1 Overview (page 725)
49.1.1 What You Need To Know
PART I User’s Guide
CHAPTER 1 Introducing the ZyWALL
This chapter gives an overview of the ZyWALL. It explains the front panel ports, LEDs, introduces the management methods, and lists different ways to start or stop the ZyWALL.
1 Screw the two screws provided with your ZyWALL into the wall 150 mm apart (see the figure in step 2).
The ZyWALL should be wall-mounted horizontally. The ZyWALL’s side panels with ventilation slots should not be facing up or down as this position is less safe.
1.3 Front Panel
This section introduces the ZyWALL’s front panel.
Figure 1 ZyWALL Front Panel
1.
1.4 Management Overview
You can use the following ways to manage the ZyWALL.
Web Configurator
The Web Configurator allows easy ZyWALL setup and management using an Internet browser.
console port. See the Command Reference Guide for more information about the CLI.
Console Port
You can use the console port to manage the ZyWALL using CLI commands. See the Command Reference Guide for more information about the CLI.
The ZyWALL does not stop or start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources.
CHAPTER 2 Features and Applications
This chapter introduces the main features and applications of the ZyWALL.
2.1 Features
The ZyWALL’s security features include VPN, firewall, content filtering, ADP (Anomaly Detection and Protection), and certificates.
Firewall
The ZyWALL’s firewall is a stateful inspection firewall. The ZyWALL restricts access by screening data packets against defined access rules. It can also inspect sessions.
2.2 Applications
These are some example applications for your ZyWALL. See also Chapter 7 on page 107 for configuration tutorial examples.
2.2.2.1 Full Tunnel Mode
In full tunnel mode, a virtual connection is created for remote users with private IP addresses in the same subnet as the local network. This allows them to access network resources in the same way as if they were part of the internal network.
2.2.3 User-Aware Access Control
Set up security policies that restrict access to sensitive information and shared resources based on the user who is trying to access it.
CHAPTER 3 Web Configurator
The ZyWALL Web Configurator allows easy ZyWALL setup and management using an Internet browser.
3.1 Web Configurator Requirements
In order to use the Web Configurator, you must
• Use Internet Explorer 7 or later, or Firefox 1.
2 Open your web browser, and go to http://192.168.1.1. By default, the ZyWALL automatically routes this request to its HTTPS server, and it is recommended to keep this setting.
5 The screen above appears every time you log in using the default user name and default password. If you change the password for the default user account, this screen does not appear anymore.
3.3.1 Title Bar
The title bar provides some icons in the upper right corner.
Figure 9 Title Bar
The icons provide the following functions.
3.3.1.1 About
Click this to display basic information about the ZyWALL.
The following table describes labels that can appear in this screen.
3.3.2 Navigation Panel
Use the menu items on the navigation panel to open screens to configure ZyWALL features.
3.3.2.2 Monitor Menu
The monitor menu screens display status and statistics information.
3.3.2.3 Configuration Menu
Use the configuration menu screens to configure the ZyWALL’s features.
Interface > Port Role: Use this screen to set the ZyWALL’s flexible ports as LAN1 or DMZ.
Interface > Ethernet: Manage Ethernet interfaces and virtual Ethernet interfaces.
Interface > PPP: Create and manage PPPoE and PPTP interfaces.
BWM
Anti-X > ADP > General: Display and manage ADP bindings.
Anti-X > ADP > Profile: Create and manage ADP profiles.
Anti-X > Content Filter > General: Create and manage content filter policies.
Anti-X > Content Filter > Filter Profile: Create and manage the detailed filtering rules for content filtering policies.
Endpoint Security: Create Endpoint Security (EPS) objects.
3.3.2.4 Maintenance Menu
Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down the ZyWALL.
3.3.3 Main Window
The main window shows the screen you select in the navigation panel. The main window screens are discussed in the rest of this document. Right after you log in, the Dashboard screen is displayed.
3.3.3.2 Site Map
Click Site MAP to see an overview of links to the Web Configurator screens. Click a screen’s link to go to that screen.
Figure 13 Site Map
3.3.3.3 Object Reference
Click Object Reference to open the Object Reference screen.
The fields vary with the type of object. The following table describes labels that can appear in this screen.
3.3.3.4 CLI Messages
Click CLI to look at the CLI commands sent by the Web Configurator.
3.3.4.1 Manipulating Table Display
Here are some of the ways you can manipulate the Web Configurator tables.
1 Click a column heading to sort the table’s entries according to that column’s criteria.
3 Select a column heading cell’s right border and drag to re-size the column.
Figure 18 Resizing a Table Column
4 Select a column heading and drag and drop it to change the column order.
3.3.4.2 Working with Table Entries
The tables have icons for working with table entries. A sample is shown next. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate.
you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list.
CHAPTER 4 Installation Setup Wizard
4.1 Installation Setup Wizard Screens
If you log into the Web Configurator when the ZyWALL is using its default configuration, the first Installation Setup Wizard screen displays.
The screens vary depending on the encapsulation type. Refer to information provided by your ISP to know what to enter in each field. Leave a field blank if you don’t have that information.
• IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen.
The following fields display if you selected static IP address assignment.
• CHAP/PAP - Your ZyWALL accepts either CHAP or PAP when requested by the remote node.
• CHAP - Your ZyWALL accepts CHAP only.
• PAP - Your ZyWALL accepts PAP only.
4.1.4 Internet Access: PPTP
Note: Enter the Internet access information exactly as given to you by your ISP.
Figure 27 Internet Access: PPTP Encapsulation
4.1.5 ISP Parameters
• Authentication Type - Select an authentication protocol for outgoing calls.
• Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPTP server.
4.1.6 Internet Access - Finish
You have set up your ZyWALL to access the Internet. After configuring the WAN interface, a screen displays with your settings. If they are not correct, click Back.
Use the Registration > Service screen to update your service subscription status.
Figure 29 Registration
• Select new myZyXEL.com account if you haven’t created an account at myZyXEL.
• Trial Service Activation: You can try a trial service subscription. The trial period starts the day you activate the trial. After the trial expires, you can buy an iCard and enter the license key in the Registration > Service screen to extend the service.
CHAPTER 5 Quick Setup
5.1 Quick Setup Overview
The Web Configurator’s quick setup wizards help you configure Internet and VPN connection settings. This chapter provides information on configuring the quick setup screens in the Web Configurator.
5.2 WAN Interface Quick Setup
Click WAN Interface in the main Quick Setup screen to open the WAN Interface Quick Setup Wizard Welcome screen. Use these screens to configure an interface to connect to the internet.
Otherwise, choose PPPoE or PPTP for a dial-up connection according to the information from your ISP.
Figure 34 WAN Interface Setup: Step 2
The screens vary depending on what encapsulation type you use.
• IP Address Assignment: Select Auto if your ISP did not assign you a fixed IP address. Select Static if the ISP assigned a fixed IP address.
5.2.4 WAN and ISP Connection Settings
Use this screen to configure the ISP and WAN interface settings.
Authentication Type: Use the drop-down list box to select an authentication protocol for outgoing calls. Options are:
CHAP/PAP - Your ZyWALL accepts either CHAP or PAP when requested by this remote node.
5.2.5 Quick Setup Interface Wizard: Summary
This screen displays the WAN interface’s settings.
Figure 37 Interface Wizard: Summary WAN (PPTP Shown)
The following table describes the labels in this screen.
5.3 VPN Quick Setup
Click VPN Setup in the main Quick Setup screen to open the VPN Setup Wizard Welcome screen. The VPN wizard creates corresponding VPN connection and VPN gateway settings and address objects that you can use later in configuring more VPN connections or other features.
5.4 VPN Setup Wizard: Wizard Type
A VPN (Virtual Private Network) tunnel is a secure connection to another computer or network. Use this screen to select which type of VPN connection you want to configure.
5.5 VPN Express Wizard - Scenario
Click the Express radio button as shown in Figure 39 on page 76 to display the following screen.
Figure 40 VPN Express Wizard: Step 2
Rule Name: Type the name used to identify this VPN connection (and VPN gateway).
5.5.1 VPN Express Wizard - Configuration
Figure 41 VPN Express Wizard: Step 3
• Secure Gateway: If Any displays in this field, it is not configurable for the chosen scenario.
5.5.2 VPN Express Wizard - Summary
This screen provides a read-only summary of the VPN tunnel’s configuration and also commands that you can copy and paste into another ZLD-based ZyWALL’s command line interface to configure it.
5.5.3 VPN Express Wizard - Finish
Now you can use the VPN tunnel.
Figure 43 VPN Express Wizard: Step 6
Note: If you have not already done so, use the myZyXEL.com link and register your ZyWALL with myZyXEL.
5.5.4 VPN Advanced Wizard - Scenario
Click the Advanced radio button as shown in Figure 39 on page 76 to display the following screen.
Figure 44 VPN Advanced Wizard: Scenario
Rule Name: Type the name used to identify this VPN connection (and VPN gateway).
• Remote Access (Client Role) - Choose this to connect to an IPSec server. This ZyWALL is the client (dial-in user) and can initiate the VPN tunnel.
that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. AES128 uses a 128-bit key and is faster than 3DES.
• Active Protocol: ESP is compatible with NAT, AH is not.
• Encapsulation: Tunnel is compatible with NAT, Transport is not.
• Encryption Algorithm: 3DES and AES use encryption.
5.5.7 VPN Advanced Wizard - Summary
This is a read-only summary of the VPN tunnel settings.
Figure 47 VPN Advanced Wizard: Step 5
• Rule Name: Identifies the VPN connection (and the VPN gateway).
5.5.8 VPN Advanced Wizard - Finish
Now you can use the VPN tunnel.
Figure 48 VPN Wizard: Step 6: Advanced
Note: If you have not already done so, you can register your ZyWALL with myZyXEL.com and activate trials of services like Content Filter.
CHAPTER 6 Configuration Basics
This information is provided to help you configure the ZyWALL effectively. Some of it is helpful when you are just getting started. Some of it is provided for your reference when you configure various features in the ZyWALL.
change an Ethernet interface’s IP address, the ZyWALL automatically updates the rules or settings that use the interface-based, LAN subnet address object. You can use the Configuration > Objects screens to create objects before you configure features that use them.
6.2.1 Interface Types
There are many types of interfaces in the ZyWALL. In addition to being used in various features, interfaces also describe the network that is directly connected to the ZyWALL.
6.2.2 Default Interface and Zone Configuration
This section introduces the ZyWALL’s default zone member physical interfaces and the default configuration of those interfaces.
• The DMZ zone contains the dmz interface (physical port P6). The DMZ zone has servers that are available to the public. The dmz interface uses private IP address 192.168.3.
Traffic in > Defragmentation > Destination NAT > Routing > Stateful Firewall > ADP > Application Classification > Content Filter > Anti-Spam > SNAT > Bandwidth Management > Fragmentation > Traffic Out.
of the sections, the ZyWALL stops checking the packets against the routing table and moves on to the other checks, for example the firewall check.
4 Auto VPN Policy: The ZyWALL automatically creates these routing entries for the VPN rules. Disabling the IPSec VPN feature’s Use Policy Route to control dynamic IPSec rules option moves the routes for dynamic IPSec rules up above the policy routes (see Section 23.
4 SNAT is also now performed by default and included in the NAT table.
6.5 Feature Configuration Overview
This section provides information about configuring the main features in the ZyWALL.
6.5.2 Licensing Registration
Use these screens to register your ZyWALL and subscribe to services like more SSL VPN tunnels, and content filtering. You must have Internet access to myZyXEL.
and general NAT on the source address. You have to set up the criteria, next-hops, and NAT settings first.
Example: You have an FTP server connected to P6 (in the DMZ zone).
6.5.6 Static Routes
Use static routes to tell the ZyWALL about networks not directly connected to the ZyWALL.
6.5.7 Zones
See Section 6.2 on page 88 for background information.
Example: Suppose you have an FTP server with a private IP address connected to a DMZ port. You could configure a NAT rule to forward FTP sessions from the WAN to the DMZ.
5 Specify the IP address of the HTTP proxy server.
6 Specify the port number to use for the HTTP traffic that you forward to the proxy server.
1 Create a VoIP service object for UDP port 5060 traffic (Configuration > Object > Service).
2 Create an address object for the VoIP server (Configuration > Object > Address).
6.5.16 Bandwidth Management
Use bandwidth management (BWM) to configure a BWM rule for a specific IP address, destination port or IP range and specify allowed amounts of bandwidth and priorities.
2 Create a schedule for the work day (Configuration > Object > Schedule).
3 Click Configuration > Anti-X > Content Filter > Filter Profile. Click the Add icon to go to the screen where you can configure a category-based profile.
The following table introduces the objects. You can also use this table when you want to delete an object because you have to delete references to the object first.
6.6.1 User/Group
Use these screens to configure the ZyWALL’s administrator and user accounts.
6.7 System
This section introduces some of the management features in the ZyWALL. Use Host Name to configure the system and domain name for the ZyWALL. Use Date/Time to configure the current date, time, and time zone in the ZyWALL.
6.7.3 File Manager
Use these screens to upload, download, delete, or run scripts of CLI commands. You can manage
• Configuration files. Use configuration files to back up and restore the complete configuration of the ZyWALL.
CHAPTER 7 Tutorials
Here are examples of using the Web Configurator to set up features in the ZyWALL.
Note: The tutorials featured here require a basic understanding of connecting to and using the Web Configurator, see Chapter 3 on page 43 for details.
• Convert P5 (lan2) into a dmz interface. This dmz interface is used for a protected local network. It uses IP address 192.168.4.1 and has a DHCP server. Add it to the LAN zone so all of the LAN zone’s security policies apply to it.
Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface’s entry. Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK.
1 Click Configuration > Network > Interface > Ethernet and double-click the lan2 interface’s entry. The Interface Type should be internal. Set the IP Address to 192.168.4.1 and the Subnet Mask to 255.
2 Enter VPN as the name, select WIZ_VPN_Connection and move it to the Member box and click OK.
Figure 58 Configuration > Network > Zone > WAN Edit
7.2 How to Configure a Cellular Interface
Use 3G cards for cellular WAN (Internet) connections.
4 Enable the interface and add it to a zone. It is highly recommended that you set the Zone to WAN to apply your WAN zone security settings to this 3G connection. Leaving Zone set to none has the ZyWALL not apply any security settings to the 3G connection.
6 The ZyWALL automatically adds the cellular interface to the system default WAN trunk. If the ZyWALL is using a user-configured trunk as its default trunk and you want this cellular interface to be part of it, use the Trunk screens to add it.
1 Click Configuration > Network > Interface > Ethernet and double-click the wan1 entry.
2 Name the trunk and set the Load Balancing Algorithm field to Weighted Round Robin. Add wan1 and enter 2 in the Weight column.
3 Select the trunk as the default trunk and click Apply.
Figure 65 Configuration > Network > Interface > Trunk
7.4 How to Set Up an IPSec VPN Tunnel
This example shows how to use the IPSec VPN configuration screens to create the following VPN tunnel, see Section 5.
In this example, the ZyWALL is router X (1.2.3.4), and the remote IPSec router is router Y (2.2.2.2). Create the VPN tunnel between ZyWALL X’s LAN subnet (192.168.1.0/24) and the LAN subnet behind peer IPSec router Y (172.
7.4.2 Set Up the VPN Connection
The VPN connection manages the IPSec SA. You have to set up the address objects for the local network and remote network before you can set up the VPN connection.
4 Enable the VPN connection and name it (“VPN_CONN_EXAMPLE”). Under VPN Gateway select Site-to-site and the VPN gateway (VPN_GW_EXAMPLE). Under Policy, select LAN1_SUBNET for the local network and VPN_REMOTE_SUBNET for the remote.
7.5 How to Configure User-aware Access Control
You can configure many policies and security settings for specific users or groups of users. This is illustrated in the following example, where you will set up the following policies.
2 Enter the same user name that is used in the RADIUS server, and set the User Type to ext-user because this user account is authenticated by an external server.
2 Enter the name of the group that is used in the example in Table 18 on page 120. In this example, it is “Finance”. Then, select User/Leo and click the right arrow to move him to the Member list.
1 Click Configuration > Object > AAA Server > RADIUS. Double-click the radius entry. Configure the RADIUS server’s address, authentication port (1812 if you were not told otherwise), key, and click Apply.
Chapter 7 Tutorials ZyWALL USG 20/20W User’s Guide 124 Note: The users will have to log in using the W eb Configurator login screen befor e they can use HTTP or MSN.
Chapter 7 Tutorials ZyWALL USG 20/20W User’s Guide 125 1 Click Configuration > Object > AAA Server > RADIUS . Double-click the radius entry .
Chapter 7 Tutorials ZyWALL USG 20/20W User’s Guide 126 2 Now you add ext -group-user user objects t o identify groups based on the group identifier values. Set up one user account for each group of user account s in the RADIUS server . Click Configuration > Object > User/Group > User .
• Select Endpoint must have Personal Firewall installed and move the Kaspersky Internet Security entries to the allowed list (you can double-click an entry to move it).
Repeat as needed to create endpoint security objects for other Windows operating system versions.

7.7.2 Configure the Authentication Policy

Click Configuration > Auth. Policy > Add to open the Endpoint Security Edit screen.
4 Turn on authentication policy and click Apply.

Figure 79 Configuration > Auth. Policy

The following figure shows an error message example when a user’s computer does not meet an endpoint security object’s requirements.
user access (logging into SSL VPN for example). See Chapter 43 on page 629 for more on service control. The To-ZyWALL firewall rules apply to any kind of HTTP or HTTPS connection to the ZyWALL.
4 Select the new rule and click the Add icon.

Figure 83 Configuration > System > WWW (First Example Admin Service Rule Configured)

5 In the Zone field select ALL and set the Action to Deny.
6 Click Apply.

Figure 85 Configuration > System > WWW (Second Example Admin Service Rule Configured)

Now administrator access to the Web Configurator can only come from the LAN1 zone.
for wan1 IP address 10.0.0.8 to a H.323 device located on the LAN and using IP address 192.168.1.56.

Figure 86 WAN to LAN H.323 Peer-to-peer Calls Example

7.9.1 Turn On the ALG

Click Configuration > Network > ALG.
1 Use Configuration > Object > Address > Add to create an address object for the public WAN IP address (called WAN_IP-for-H323 here). Then use it again to create an address object for the H.
2 Click Configuration > Network > NAT > Add. Configure a name for the rule (WAN-LAN_H323 here). You want the LAN H.323 device to receive peer-to-peer calls from the WAN and also be able to initiate calls to the WAN so you set the Classification to NAT 1:1.
1 Click Configuration > Firewall > Add. In the From field select WAN. In the To field select LAN1. Configure a name for the rule (WAN-to-LAN_H323 here). Set the Destination to the H.323 device’s LAN1 IP address object (LAN_H323).
7.10.1 Create the Address Objects

Use Configuration > Object > Address > Add to create the address objects.

1 Create a host address object named DMZ_HTTP for the HTTP server’s private IP address of 192.
• Keep Enable NAT Loopback selected to allow users connected to other interfaces to access the HTTP server (see NAT Loopback on page 343 for details).

Figure 94 Creating the NAT Entry

7.10.
1 Click Configuration > Firewall > Add. Set the From field as WAN and the To field as DMZ. Set the Destination to the HTTP server’s DMZ IP address object (DMZ_HTTP). DMZ_HTTP is the destination because the ZyWALL applies NAT to traffic before applying the firewall rule.
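The ordering stated above (NAT first, firewall second) decides which address a WAN-to-DMZ rule has to name. The following model is an added illustration, not ZyXEL code or configuration; the addresses, the class and function names, the default-deny fallback and the "ZyWALL" zone for untranslated traffic are constructed assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, ip_address

# Constructed sample values (documentation ranges); not addresses from the guide.
CLIENT = ip_address("198.51.100.7")        # an Internet host
PUBLIC_HTTP = ip_address("203.0.113.10")   # public WAN address clients connect to
DMZ_HTTP = ip_address("192.0.2.80")        # stands in for the DMZ_HTTP address object


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    dport: int
    in_zone: str


@dataclass(frozen=True)
class NatRule:
    in_zone: str
    original_ip: IPv4Address
    mapped_ip: IPv4Address
    port: int


@dataclass(frozen=True)
class FwRule:
    from_zone: str
    to_zone: str
    dst: IPv4Address
    port: int
    action: str


# Zone that owns each internal destination once translation has happened.
ZONE_OF = {DMZ_HTTP: "DMZ"}


def dnat(pkt, nat_rules):
    """Step 1: rewrite the destination if a NAT rule matches, else pass through."""
    for r in nat_rules:
        if (pkt.in_zone, pkt.dst, pkt.dport) == (r.in_zone, r.original_ip, r.port):
            return replace(pkt, dst=r.mapped_ip)
    return pkt


def firewall(pkt, fw_rules, default="deny"):
    """Step 2: match the already-translated packet; first match wins.

    Assumption: anything no rule matches is denied, and an untranslated
    destination is treated as traffic to the device itself ("ZyWALL").
    """
    to_zone = ZONE_OF.get(pkt.dst, "ZyWALL")
    for r in fw_rules:
        if (r.from_zone, r.to_zone, r.dst, r.port) == (pkt.in_zone, to_zone, pkt.dst, pkt.dport):
            return r.action
    return default


def process(pkt, nat_rules, fw_rules):
    """NAT is applied before the firewall rule is evaluated."""
    return firewall(dnat(pkt, nat_rules), fw_rules)


NAT_RULES = [NatRule("WAN", PUBLIC_HTTP, DMZ_HTTP, 80)]
RULE_ON_PRIVATE = [FwRule("WAN", "DMZ", DMZ_HTTP, 80, "allow")]    # as in the tutorial
RULE_ON_PUBLIC = [FwRule("WAN", "DMZ", PUBLIC_HTTP, 80, "allow")]  # common mistake


def demo():
    web = Packet(CLIENT, PUBLIC_HTTP, 80, "WAN")
    ssh = Packet(CLIENT, PUBLIC_HTTP, 22, "WAN")
    return {
        "rule names DMZ_HTTP": process(web, NAT_RULES, RULE_ON_PRIVATE),
        "rule names public IP": process(web, NAT_RULES, RULE_ON_PUBLIC),
        "unmapped port": process(ssh, NAT_RULES, RULE_ON_PRIVATE),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A rule written against the public address never matches in this model, because the firewall only ever sees the translated destination; a port with no NAT mapping stays closed.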
address 1.1.1.2 that you will use on the wan1 interface and map to the IPPBX’s private IP address of 192.
7.11.1 Turn On the ALG

Click Configuration > Network > ALG. Select Enable SIP ALG and Enable SIP Transformations and click Apply.
2 Create a host address object named IPPBX-Public for the public WAN IP address 1.1.1.2.

Figure 99 Creating the Public IP Address Object

7.11.3 Set Up a NAT Policy for the IPPBX

Click Configuration > Network > NAT > Add.
• Click OK.

Figure 100 Configuration > Network > NAT > Add

7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP

The firewall blo.
1 Click Configuration > Firewall > Add. Set the From field as WAN and the To field as DMZ. Set the Destination to the IPPBX’s DMZ IP address object (DMZ_SIP). IPPBX_DMZ is the destination because the ZyWALL applies NAT to traffic before applying the firewall rule.
1 Click Configuration > Firewall > Add. Set the From field as DMZ and the To field as LAN. Set the Destination to the IPPBX’s DMZ IP address object (DMZ_SIP). Set the Source to IPPBX_DMZ.
7.12.2 Configure the Policy Route

Now you need to configure a policy route that has the ZyWALL use the range of public IP addresses as the source address for WAN to LAN traffic. Click Configuration > Network > Routing > Add.
the WLAN interfaces before or after you install the wireless LAN card. This example shows how to create a WLAN interface that uses WPA or WPA2 security and the ZyWALL’s local user database for authentication.
2 Edit this screen as follows. An (internal) name for the WLAN interface displays. You can modify it if you want to. The ZyWALL’s security settings are configured by zones. Select to which security zone you want the WLAN interface to belong (the WLAN zone in this example).
Figure 106 Configuration > Network > Interface > WLAN > Add.
3 Turn on the wireless LAN and click Apply.

Figure 107 Configuration > Network > Interface > WLAN

7.13.3 Set Up the Wireless Clients to Use the WLAN Interface

The following sections show you how to have a wireless client (not included with the ZyWALL) use the wireless network.
1 Open the wireless client utility and click Profile.

Figure 108 ZyXEL Wireless Client

2 Add a new profile. This example uses “ZYXEL_WPA” as the name. It is also the SSID (name) of the wireless network.
3 Select WPA2 as the security type and click Next.

Figure 110 ZyXEL Wireless Client > Profile: Security Type

4 Set the encryption type to TKIP and the EAP type to TTLS. Configure wlan_user as the Login Name and enter the account’s password (also wlan_user in this example.
5 Confirm your settings and click Save.

Figure 112 ZyXEL Wireless Client > Profile: Save

6 Click Activate Now.
7 The ZYXEL_WPA profile displays in your list of profiles.

Figure 114 ZyXEL Wireless Client > Profile: Activate

Since the ZyXEL utility does not have the wireless client validate the ZyWALL’s certificate, you can go to Section 7.
2 Name the profile (this example uses ZYXEL_WPA). In the User Info tab, configure wlan_user as the Login name.
4 Click the TTLS tab and select PAP. Then click OK.

Figure 118 Odyssey Access Client Manager > Profiles > Authentication

5 Click Networks > Add.
6 Enter the name of the wireless network (“ZYXEL_WPA” in this example) or click Scan to look for it. Then select Authenticate using profile and select the profile you configured (“ZYXEL_WPA” in this example).
1 In Internet Explorer, click Tools > Internet Options > Content and click the Certificates button.

Figure 121 Internet Explorer: Tools > Internet Options > Content

2 Click Import.
3 Use the wizard screens to import the certificate. You may need to change the Files of Type setting to All Files in order to see the certificate file.
5 If you get a security warning screen, click Yes to proceed.

Figure 125 Internet Explorer Certificate Import Certificate Warning Screen.
6 The Internet Explorer Certificates screen remains open after the import is done. You can see the newly imported certificate listed in the Trusted Root Certification Authorities tab.
7.13.3.4 Wireless Clients Use the WLAN Interface

A login screen displays when the wireless client attempts to connect to the wireless interface. Enter the username and password and click OK.
Part II Technical Reference
Chapter 8 Dashboard

8.1 Overview

Use the Dashboard screens to check status information about the ZyWALL.

8.1.1 What You Can Do in this Chapter

Use the Dashboard screens for the following.

• Use the main Dashboard screen (see Section 8.
interface status in widgets that you can re-arrange to suit your needs. You can also collapse, refresh, and close individual widgets.
The following table describes the labels in this screen.

Table 19 Dashboard

LABEL: DESCRIPTION
Widget Setting (A): Use this link to re-open closed widgets. Widgets that are already open appear grayed out.
Device: This field displays the name of the device connected to the extension slot (or none if no device is detected).
Status: This field displays the current status of each interface or device installed in a slot.
DHCP Table: Click this to look at the IP addresses currently assigned to the ZyWALL’s DHCP clients and the IP addresses reserved for specific MAC addresses. See Section 8.2.5 on page 174.
Interface Status Summary: If an Ethernet interface does not have any physical ports associated with it, its entry is displayed in light gray text. Click the Detail icon to go to a (more detailed) summary screen of interface statistics.
8.2.1 The CPU Usage Screen

Use this screen to look at a chart of the ZyWALL’s recent CPU usage. To access this screen, click CPU Usage in the dashboard.

Figure 129 Dashboard > CPU Usage

Version: This is the version number of the content filtering signatures.
The following table describes the labels in this screen.

8.2.2 The Memory Usage Screen

Use this screen to look at a chart of the ZyWALL’s recent memory (RAM) usage. To access this screen, click Memory Usage in the dashboard.
8.2.3 The Active Sessions Screen

Use this screen to look at a chart of the ZyWALL’s recent traffic session usage. To access this screen, click Session Usage in the dashboard.

Figure 131 Dashboard > Session Usage

The following table describes the labels in this screen.
8.2.4 The VPN Status Screen

Use this screen to look at the VPN tunnels that are currently established. To access this screen, click VPN Status in the dashboard.

Figure 132 Dashboard > VPN Status

The following table describes the labels in this screen.
The following table describes the labels in this screen.

8.2.6 The Number of Login Users Screen

Use this screen to look at a list of the users currently logged into the ZyWALL. To access this screen, click the dashboard’s Number of Login Users icon.
The following table describes the labels in this screen.

Table 25 Dashboard > Number of Login Users

LABEL: DESCRIPTION
#: This field is a sequential value and is not associated with any entry.
Chapter 9 Monitor

9.1 Overview

Use the Monitor screens to check status and statistics information.

9.1.1 What You Can Do in this Chapter

Use the Monitor screens for the following.

• Use the System Status > Port Statistics screen (see Section 9.
• Use the VPN Monitor > IPSec screen (Section 9.12 on page 196) to display and manage active IPSec SAs.
• Use the VPN Monitor > SSL screen (see Section 9.13 on page 198) to list the users currently logged into the VPN SSL client portal.
The following table describes the labels in this screen.

Table 26 Monitor > System Status > Port Statistics

LABEL: DESCRIPTION
Poll Interval: Enter how often you want this window to be updated automatically, and click Set Interval.
9.2.1 The Port Statistics Graph Screen

Use this screen to look at a line graph of packet statistics for each physical port. To access this screen, click Port Statistics in the Status screen and then the Switch to Graphic View Button.
9.3 Interface Status Screen

This screen lists all of the ZyWALL’s interfaces and gives packet statistics for them. Click Monitor > System Status > Interface Status to access this screen.
Port: This field displays the physical port number.
Status: This field displays the current status of each interface. The possible values depend on what type of interface it is. For Ethernet interfaces: Inactive - The Ethernet interface is disabled.
9.4 The Traffic Statistics Screen

Click Monitor > System Status > Traffic Statistics to display the Traffic Statistics screen. This screen provides basic information about the following for example:

• Most-visited Web sites and the number of times each one was visited.
You use the Traffic Statistics screen to tell the ZyWALL when to start and when to stop collecting information for these reports. You cannot schedule data collection; you have to start and stop it manually in the Traffic Statistics screen.
Traffic Type: Select the type of report to display. Choices are: Host IP Address/User - displays the IP addresses or users with the most traffic and how much traffic has been sent to and from each one.
The following table displays the maximum number of records shown in the report, the byte count limit, and the hit count limit.

9.5 The Session Monitor Screen

The Session Monitor screen displays information about active sessions for debugging or statistical analysis.
• Number of bytes transmitted (so far)
• Duration (so far)

You can look at all the active sessions by user, service, source IP address, or destination IP address.
User: This field displays when View is set to all sessions. Type the user whose sessions you want to view. It is not possible to type part of the user name or use wildcards in this field; you must enter the whole user name.
9.6 The DDNS Status Screen

The DDNS Status screen shows the status of the ZyWALL’s DDNS domain names.
established a session with the ZyWALL. Devices that have never established a session with the ZyWALL do not display in the list.

Figure 141 Monitor > System Status > IP/MAC Binding

The following table describes the labels in this screen.
The following table describes the labels in this screen.

9.9 WLAN Status Screen

The WLAN Status screen displays the connection status of the wireless clients connected to (or trying to connect to) an IEEE 802.
The following table describes the labels in this menu.

9.10 Cellular Status Screen

This screen displays your 3G connection status. Click Monitor > System Status > Cellular Status to display this screen.
Status: No device - no 3G device is connected to the ZyWALL. No Service - no 3G network is available in the area; you cannot connect to the Internet.
9.10.1 More Information

This screen displays more information on your 3G, such as the signal strength, IMEA/ESN and IMSI that helps identify your 3G device and SIM card. Click Monitor > System Status > More Information to display this screen.
The following table describes the labels in this screen.

9.11 USB Storage Screen

This screen displays information about a connected USB storage device. Click Monitor > System Status > USB Storage to display this screen.
The following table describes the labels in this screen.

9.12 The IPSec Monitor Screen

You can use the IPSec Monitor screen to display and to manage active IPSec SAs. To access this screen, click Monitor > VPN Monitor > IPSec.
screen appears. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order.

Figure 147 Monitor > VPN Monitor > IPSec

Each field is described in the following table.
9.12.1 Regular Expressions in Searching IPSec SAs

A question mark (?) lets a single character in the VPN connection or policy name vary. For example, use “a?c” (without the quotation marks) to specify abc, acc and so on.
Once a user logs out, the corresponding entry is removed from the Connection Monitor screen.

Figure 148 Monitor > VPN Monitor > SSL

The following table describes the labels in this screen.
9.14 The Content Filter Statistics Screen

Click Monitor > Anti-X Statistics > Content Filter to display the following screen.
Flush Data: Click this button to discard all of the screen’s statistics and update the report display.
Web Request Statistics
Total Web Pages Inspected: This field displays the number of web pages that the ZyWALL’s content filter feature has checked.
9.15 Content Filter Cache Screen

Click Monitor > Anti-X Statistics > Content Filter > Cache to display the Content Filter Cache screen. Use this screen to view and configure your ZyWALL’s URL caching.
The following table describes the labels in this screen.

Table 41 Anti-X > Content Filter > Cache

LABEL: DESCRIPTION
URL Cache Entry
Refresh: Click this button to reload the list of content filter cache entries.
9.16 The Anti-Spam Statistics Screen

Click Monitor > Anti-X Statistics > Anti-Spam to display the following screen. This screen displays spam statistics.

Figure 151 Monitor > Anti-X Statistics > Anti-Spam

The following table describes the labels in this screen.
Spam Mails: This is the number of e-mails that the ZyWALL has determined to be spam.
Spam Mails Detected by Black List: This is the number of e-mails that matched an entry in the ZyWALL’s anti-spam black list.
9.17 The Anti-Spam Status Screen

Click Monitor > Anti-X Statistics > Anti-Spam > Status to display the Anti-Spam Status screen. Use the Anti-Spam Status screen to see how many e-mail sessions the anti-spam feature is scanning and statistics for the DNSBLs.
9.18 Log Screen

Log messages are stored in two separate logs, one for regular log messages and one for debugging messages. In the regular log, you can look at all the log messages by selecting All Logs, or you can select a specific category of log messages (for example, firewall or user).
The following table describes the labels in this screen.

Table 44 Monitor > Log

LABEL: DESCRIPTION
Show Filter / Hide Filter: Click this button to show or hide the filter settings.
The Web Configurator saves the filter settings if you leave the View Log screen and return to it later.

Priority: This field displays the priority of the log message. It has the same range of values as the Priority field above.
Chapter 10 Registration

10.1 Overview

Use the Configuration > Licensing > Registration screens to register your ZyWALL and manage its service subscriptions.

10.1.1 What You Can Do in this Chapter

• Use the Registration screen (see Section 10.
Subscription Services Available on the ZyWALL

You can have the ZyWALL use and content filtering subscription services. You can also purchase and enter a license key to have the ZyWALL use more SSL VPN tunnels.
The following table describes the labels in this screen.

Table 45 Configuration > Licensing > Registration

LABEL: DESCRIPTION
General Settings: If you select existing myZyXEL.com account, only the User Name and Password fields are available.
Note: If the ZyWALL is registered already, this screen is read-only and indicates whether trial services are activated (if any). You can still select the unchecked trial service(s) to activate it after registration.
The following table describes the labels in this screen.

Table 46 Configuration > Licensing > Registration > Service

LABEL: DESCRIPTION
License Status
#: This is the entry’s position in the list.
Chapter 11 Interfaces

11.1 Interface Overview

Use the Interface screens to configure the ZyWALL’s interfaces. You can also create interfaces on top of other interfaces.

• Ports are the physical ports to which you connect cables.
11.1.2 What You Need to Know

Interface Characteristics

Interfaces generally have the following characteristics (although not all characteristics apply to each type of interface).

• An interface is a logical entity through which (layer-3) packets pass.
virtual--have a lot of similar characteristics. These characteristics are listed in the following table and discussed in more detail below.

- * The format of interface names other than the Ethernet and ppp interface names is strict.
* - You cannot set up a PPP interface, virtual Ethernet interface or virtual VLAN interface if the underlying interface is a member of a bridge.
ports at the layer-2 (data link, MAC address) level. This provides wire-speed throughput but no security.
11.3 Ethernet Summary Screen

This screen lists every Ethernet interface and virtual interface created on top of Ethernet interfaces. To access this screen, click Configuration > Network > Interface > Ethernet.
Each field is described in the following table.

11.3.1 Ethernet Edit

The Ethernet Edit screen lets you configure IP address assignment, interface parameters, RIP settings, OSPF settings, DHCP settings, connectivity check, and MAC address settings.
• Enable and disable RIP in the underlying physical port or port group.
• Select which direction(s) routing information is exchanged - The ZyWALL can receive routing information, send routing information, or do both.
Figure 159 Configuration > Network > Interface > Ethernet > Edit (WAN).
Figure 160 Configuration > Network > Interface > Ethernet > Edit (DMZ)

This screen’s fields are described in the table below.
Interface Type: This field is read-only. Internal is for connecting to a local network. Other corresponding configuration options: DHCP server and DHCP relay. The ZyWALL automatically adds default SNAT settings for traffic flowing from this interface to an external interface.
Metric: This option appears when Interface Properties is External or General. Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority.
Check Port: This field only displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check.
DHCP Setting: These fields appear when Interface Properties is Internal or General.
First WINS Server, Second WINS Server: Type the IP address of the WINS (Windows Internet Naming Service) server that you want to send to the DHCP clients. The WINS server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using.
V2-Broadcast: This field is effective when RIP is enabled. Select this to send RIP-2 packets using subnet broadcasting; otherwise, the ZyWALL uses multicasting.
OSPF Setting: See Section 14.3 on page 315 for more information about OSPF.
11.3.2 Object References

When a configuration screen includes an Object References icon, select a configuration object and click Object References to open the Object References screen. This screen displays which configuration settings reference the selected object.
11.4 PPP Interfaces

Use PPPoE/PPTP interfaces to connect to your ISP. This way, you do not have to install or manage PPPoE/PPTP software on each computer in the network.

Figure 162 Example: PPPoE/PPTP Interfaces

PPPoE/PPTP interfaces are similar to other interfaces in some ways.
11.4.1 PPP Interface Summary

This screen lists every PPPoE/PPTP interface. To access this screen, click Configuration > Network > Interface > PPP.

Figure 163 Configuration > Network > Interface > PPP

Each field is described in the table below.
11.4.2 PPP Interface Add or Edit

Note: You have to set up an ISP account before you create a PPPoE/PPTP interface.

This screen lets you configure a PPPoE or PPTP interface. To access this screen, click the Add icon or an Edit icon in the PPP Interface screen.
Figure 164 Configuration > Network > Interface > PPP > Add.
Each field is explained in the following table.

Table 54 Configuration > Network > Interface > PPP > Add

LABEL: DESCRIPTION
Show Advance Settings / Hide Advance Settings: Click this button to display a greater or lesser number of configuration fields.
IP Address: This field is enabled if you select Use Fixed IP Address. Enter the IP address for this interface.
Metric: Enter the priority of the gateway (the ISP) on this interface. The ZyWALL decides which gateway to use based on this priority.
11.5 Cellular Configuration Screen (3G)

3G (Third Generation) is a digital, packet-switched wireless technology. Bandwidth usage is optimized as multiple users share the same channel and bandwidth is only allocated to users when they send data.
Aside from selecting the 3G network, the 3G card may also select an available 2.5G or 2.75G network automatically. See the following table for a comparison between 2G, 2.5G, 2.75G and 3G of wireless technologies.
Figure 165 Configuration > Network > Interface > Cellular

The following table describes the labels in this screen.

11.5.1 Cellular Add/Edit Screen

To change your 3G settings, click Configuration > Network > Interface > Cellular > Add (or Edit).
Figure 166 Configuration > Network > Interface > Cellular > Add.
The following table describes the labels in this screen.

Table 57 Configuration > Network > Interface > Cellular > Add

LABEL: DESCRIPTION
Show Advance Settings / Hide Advance Settings: Click this button to display a greater or lesser number of configuration fields.
Dial String: Enter the dial string if your ISP provides a string, which would include the APN, to initialize the 3G card. You can enter up to 63 ASCII printable characters. Spaces are allowed.
Egress Bandwidth: Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576. This setting is used in WAN load balancing and bandwidth management.
Get Automatically: Select this option if your ISP did not assign you a fixed IP address. This is the default selection.
Use Fixed IP Address: Select this option if the ISP assigned a fixed IP address.
Time Budget: Select this and specify the amount of time (in hours) that the 3G connection can be used within one month. If you change the value after you configure and enable budget control, the ZyWALL resets the statistics.
11.6 WLAN Interface General Screen

This feature is available for USG 20W only. The following figure provides an example of a wireless network. The wireless network is in the blue circle.
• Every device in a wireless network must use the same SSID. The SSID is the name of the wireless network. It stands for Service Set IDentity.
• Different wireless networks in the same area should use different channels.
Chapter 11 Inte r fac es ZyWALL USG 20/20W User’s Guide 250 The following table descri bes the labels in this screen. T able 58 Configuration > Network > Interface > WLAN LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greate r or lesse r number of configuration fields.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 251 QoS Select the Quality of Service priority for this tr affic. •I f y o u s e l e c t WMM (Wi-Fi Multimedia) from the QoS list, the priority of a data packet depends on the packet’ s IEEE 802.
Chapter 11 Inte r fac es ZyWALL USG 20/20W User’s Guide 252 1 1.6.1 WLAN Add/Edit Screen Use the strongest security that ev ery wi reless cl ient in the wireless network supports. Note: WP A2 or WP A2-PSK security is recommended. • Y ou can use the Z yWALL’ s local user da tabase to use WP A or WP A2 without using an external RADIUS server .
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 253 Figure 169 Configu ration > Network > Interface > WLAN > Add (No Security).
Chapter 11 Inte r fac es ZyWALL USG 20/20W User’s Guide 254 The following table descri bes the genera l wireless L AN labels in this screen. T able 60 Configuration > Network > Interf ace >.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 255 IP Address Enter the IP address for this interface. Subnet Mask Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network.
Chapter 11 Inte r fac es ZyWALL USG 20/20W User’s Guide 256 P ool Size Enter the number of IP addresse s to allocate. This number must be at least one and is limited by the interface’ s Subnet Mask . For example, if the Subnet Mask is 255.255.255.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 257 Direction This field is effective when RIP is enabled. Select the RIP direction from the drop-down list box. BiDir - This interface sends and receives routing information. In-Only - This interface receives routing information.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 258 11.6.2 WLAN Add/Edit: WEP Security WEP provides a mechanism for encrypting data using encryption keys. Both the ZyWALL and the wireless stations must use the same WEP key to encrypt and decrypt data.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 259 The following table describes the WEP-related wireless LAN security labels. See Table 60 on page 254 for information on the 802.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 260 The following table describes the WPA-PSK/WPA2-PSK-related wireless LAN security labels. 11.6.4 WLAN Add/Edit: WPA/WPA2 Security With WPA or WPA2 security, each user can have a separate user name and password.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 261 Figure 172 Configuration > Network > Interface > WLAN > Add (WPA/WPA2 Security) The following table describes the WPA/WPA2-related wireless LAN security labels.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 262 11.7 WLAN Interface MAC Filter This feature is available for USG 20W only. The MAC filter allows you to give specific wireless clients .
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 263 Figure 173 Network > Interface > WLAN > MAC Filter The following table describes the labels in this screen.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 264 11.8 VLAN Interfaces A Virtual Local Area Network (VLAN) divides a physical network into multiple logical networks. The standard is defined in IEEE 802.1q. Figure 174 Example: Before VLAN In this example, there are two physical networks and three departments A, B, and C.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 265 • Traffic inside each VLAN is layer-2 communication (data link layer, MAC addresses). It is handled by the switches. As a result, the new switch is required to handle traffic inside VLAN 2.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 266 11.8.1 VLAN Summary Screen This screen lists every VLAN interface and virtual interface created on top of VLAN interfaces. To access this screen, click Configuration > Network > Interface > VLAN.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 267 11.8.2 VLAN Add/Edit This screen lets you configure IP address assignment, interface bandwidth parameters, DHCP settings, and connectivity check for each VLAN interface.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 268 Figure 177 Configuration > Network > Interface > VLAN > Edit.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 269 Each field is explained in the following table. Table 66 Configuration > Network > Interface > VLAN > Edit LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 270 Metric Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the ZyWALL uses the one that was configured first.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 271 DHCP Select what type of DHCP service the ZyWALL provides to the network. Choices are: None - the ZyWALL does not provide any DHCP services. There is already a DHCP server on the network. DHCP Relay - the ZyWALL routes DHCP requests to one or more DHCP servers you specify.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 272 Lease time Specify how long each computer can use the information (especially the IP address) before it has to request the information again. Choices are: infinite - select this if IP addresses never expire. days, hours, and minutes - select this to enter how long IP addresses are valid.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 273 OSPF Setting See Section 14.3 on page 315 for more information about OSPF. Area Select the area in which this interface belongs.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 274 11.9 Bridge Interfaces This section introduces bridges and bridge interfaces and then explains the screens for bridge interfaces. Bridge Overview A bridge creates a connection between two or more network segments at the layer-2 (MAC address) level.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 275 If computer B responds to computer A, bridge X records the source address 0B:0B:0B:0B:0B:0B and port 4 in the table. It also looks up 0A:0A:0A:0A:0A:0A in the table and sends the packet to port 2 accordingly.
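The table-learning behaviour described for bridge X can be traced with a small simulation. This is an added example, not code from the ZyXEL manual or the device firmware; it assumes a four-port bridge (the port count is constructed) and standard transparent-bridge behaviour, where a frame for an unknown destination is sent out of every port except the one it arrived on.

```python
class LearningBridge:
    """Minimal layer-2 learning bridge: learns source MAC -> port, forwards by lookup."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}  # MAC address (upper case) -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning step: the source address is recorded against the ingress port.
        self.table[src_mac.upper()] = in_port
        out_port = self.table.get(dst_mac.upper())
        if out_port is None:
            # Destination not learned yet: flood to all other ports (assumed behaviour).
            return sorted(self.ports - {in_port})
        if out_port == in_port:
            # Destination is on the segment the frame came from: nothing to forward.
            return []
        return [out_port]


MAC_A = "0A:0A:0A:0A:0A:0A"  # computer A, attached to port 2 (from the manual's example)
MAC_B = "0B:0B:0B:0B:0B:0B"  # computer B, attached to port 4 (from the manual's example)


def trace_example():
    """Replay the exchange: A sends to B, B replies, A sends again."""
    bridge = LearningBridge(ports=[1, 2, 3, 4])  # port count is constructed
    first = bridge.receive(2, MAC_A, MAC_B)   # B unknown: flooded
    reply = bridge.receive(4, MAC_B, MAC_A)   # A known: sent to port 2 only
    again = bridge.receive(2, MAC_A, MAC_B)   # B now known: sent to port 4 only
    return first, reply, again, dict(bridge.table)


if __name__ == "__main__":
    for step in trace_example():
        print(step)
```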
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 276 remove from a bridge interface when the underlying interface is added or removed. 11.9.1 Bridge Summary This screen lists every bridge interface and virtual interface created on top of bridge interfaces.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 277 11.9.2 Bridge Add/Edit This screen lets you configure IP address assignment, interface bandwidth parameters, DHCP settings, and connectivity check for each bridge interface.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 278 Figure 179 Configuration > Network > Interface > Bridge > Add.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 279 Each field is described in the table below. Table 71 Configuration > Network > Interface > Bridge > Edit LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 280 Gateway This field is enabled if you select Use Fixed IP Address. Enter the IP address of the gateway. The ZyWALL sends packets to the gateway when it does not know how to route the packet to its destination.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 281 IP Pool Start Address Enter the IP address from which the ZyWALL begins allocating IP addresses. If you want to assign a static IP address to a specific computer, click Add Static DHCP. If this field is blank, the Pool Size must also be blank.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 282 11.9.3 Virtual Interfaces Add/Edit This screen lets you configure IP address assignment and interface parameters for virtual interfaces. To access this screen, click an Add icon next to an Ethernet Add Click this to create a new entry.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 283 interface, VLAN interface, or bridge interface in the respective interface summary screen. Figure 180 Configuration > Network > Interface > Add Each field is described in the table below.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 284 11.10 Interface Technical Reference Here is more detailed information about interfaces on the ZyWALL. IP Address Assignment Most interfaces have an IP address and a subnet mask. This information is used to create an entry in the routing table.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 285 because it is a point-to-point interface. For these interfaces, you can only enter the IP address. In many interfaces, you can also let the IP address and subnet mask be assigned by an external DHCP server on the network.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 286 If you set the bandwidth restrictions very high, you effectively remove the restrictions. The ZyWALL also restricts the size of each data packet. The maximum number of bytes in each packet is called the maximum transmission unit (MTU).
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 287 • IP address - If the DHCP client’s MAC address is in the ZyWALL’s static DHCP table, the interface assigns the corresponding IP address. If not, the interface assigns IP addresses from a pool, defined by the starting address of the pool and the pool size.
Chapter 11 Interfaces ZyWALL USG 20/20W User’s Guide 288 PPPoE/PPTP Overview Point-to-Point Protocol over Ethernet (PPPoE, RFC 2516) and Point-to-Point Tunneling Protocol (PPTP, RFC 2637) are usually used to connect two computers over phone lines or broadband connections.
ZyWALL USG 20/20W User’s Guide 289 CHAPTER 12 Trunks 12.1 Overview Use trunks for WAN traffic load balancing to increase overall network throughput and reliability. Load balancing divides traffic loads between multiple interfaces. This allows you to improve quality of service and maximize bandwidth utilization for multiple ISP links.
Chapter 12 Trunks ZyWALL USG 20/20W User’s Guide 290 12.1.2 What You Need to Know • Add WAN interfaces to trunks to have multiple connections share the traffic load. • If one WAN interface’s connection goes down, the ZyWALL sends traffic through another member of the trunk.
Chapter 12 Trunks ZyWALL USG 20/20W User’s Guide 291 Spillover The spillover load balancing algorithm sends network traffic to the first interface in the trunk member list until the interface’s maximum allowable load is reached, then sends the excess network traffic of new sessions to the next interface in the trunk member list.
Chapter 12 Trunks ZyWALL USG 20/20W User’s Guide 292 12.2 The Trunk Summary Screen Click Configuration > Network > Interface > Trunk to open the Trunk screen. This screen lists the configured trunks and the load balancing algorithm that each is configured to use.
Chapter 12 Trunks ZyWALL USG 20/20W User’s Guide 293 12.3 Configuring a Trunk Click Configuration > Network > Interface > Trunk and then the Add (or Edit) icon to open the Trunk Edit screen. Use this screen to create or edit a WAN trunk entry.
Chapter 12 Trunks ZyWALL USG 20/20W User’s Guide 294 Each field is described in the table below. Table 77 Configuration > Network > Interface > Trunk > Add (or Edit) LABEL DESCRIPTION Name This is read-only if you are editing an existing trunk.
Chapter 12 Trunks ZyWALL USG 20/20W User’s Guide 295 12.4 Trunk Technical Reference Round Robin Load Balancing Algorithm Round Robin scheduling services queues on a rotating basis and is activated only when an interface has more traffic than it can handle.
Chapter 12 Trunks ZyWALL USG 20/20W User’s Guide 296.
ZyWALL USG 20/20W User’s Guide 297 CHAPTER 13 Policy and Static Routes 13.1 Policy and Static Routes Overview Use policy routes and static routes to override the ZyWALL’s default routing behavior in order to send packets through the appropriate interface or VPN tunnel.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 298 • Use the Static Route screens (see Section 13.3 on page 307) to list and configure static routes.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 299 • Policy routes are only used within the ZyWALL itself. Static routes can be propagated to other routers using RIP or OSPF. • Policy routes take priority over static routes.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 300 • See Section 13.4 on page 309 for more background information on policy routing. 13.2 Policy Route Screen Click Configuration > Network > Routing to open the Policy Route screen.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 301 The following table describes the labels in this screen. Table 78 Configuration > Network > Routing > Policy Route LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 302 DSCP Code This is the DSCP value of incoming packets to which this policy route applies. any means all DSCP values or no DSCP marker. default means traffic with a DSCP value of 0.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 303 13.2.1 Policy Route Edit Screen Click Configuration > Network > Routing to open the Policy Route screen. Then click the Add or Edit icon to open the Policy Route Edit screen.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 304 Incoming Select where the packets are coming from; any, an interface, a tunnel, an SSL VPN, or the ZyWALL itself. For an interface, a tunnel, or an SSL VPN, you also need to select the individual interface, VPN tunnel, or SSL VPN connection.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 305 VPN Tunnel This field displays when you select VPN Tunnel in the Type field. Select a VPN tunnel through which the packets are sent to the remote network that is connected to the ZyWALL directly.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 306 Source Network Address Translation Select none to not use NAT for the route. Select outgoing-interface to use the IP address of the outgoing interface as the source IP address of the packets that match this route.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 307 13.3 IP Static Route Screen Click Configuration > Network > Routing > Static Route to open the Static Route screen. This screen displays the configured static routes.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 308 The following table describes the labels in this screen. 13.3.1 Static Route Add/Edit Screen Select a static route index number and click Add or Edit. The screen shown next appears.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 309 13.4 Policy Routing Technical Reference Here is more detailed information about some of the features you can configure in policy routing.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 310 following twelve DSCP encodings from AF11 through AF43. The decimal equivalent is listed in brackets. Port Triggering Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 311 3 Computer A and game server 1 are connected to each other until the connection is closed or times out.
Chapter 13 Policy and Static Routes ZyWALL USG 20/20W User’s Guide 312.
ZyWALL USG 20/20W User’s Guide 313 CHAPTER 14 Routing Protocols 14.1 Routing Protocols Overview Routing protocols give the ZyWALL routing information about the network from other routers. The ZyWALL stores this routing information in the routing table it uses to make routing decisions.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 314 14.2 The RIP Screen RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a device to exchange routing information with other routers. RIP is a vector-space routing protocol, and, like most such protocols, it uses hop count to decide which route is the shortest.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 315 The following table describes the labels in this screen. 14.3 The OSPF Screen OSPF (Open Shortest Path First, RFC 2328) is a link -s.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 316 System (AS). OSPF offers some advantages over vector-space routing protocols like RIP. • OSPF supports variable-length subnet masks, which can be set up to use available IP addresses more efficiently.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 317 Each type of area is illustrated in the following figure. Figure 191 OSPF: Types of Areas This OSPF AS consists of four areas, areas 0-3. Area 0 is always the backbone.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 318 • An Autonomous System Boundary Router (ASBR) exchanges routing information with routers in networks outside the OSPF AS. This is called redistribution in OSPF. • A backbone router (BR) has at least one interface with area 0.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 319 to logically connect the area to the backbone. This is illustrated in the following example. Figure 193 OSPF: Virtual Link In this example, area 100 does not have a direct connection to the backbone.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 320 Click Configuration > Network > Routing > OSPF to open the following screen. Figure 194 Configuration > Network > Routing > OSPF The following table describes the labels in this screen.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 321 Type Select how OSPF calculates the cost associated with routing information from static routes. Choices are: Type 1 and Type 2. Type 1 - cost = OSPF AS cost + external cost (Metric) Type 2 - cost = external cost (Metric); the OSPF AS cost is ignored.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 322 14.3.2 OSPF Area Add/Edit Screen The OSPF Area Add/Edit screen allows you to create a new area or edit an existing one. To access this screen, go to the OSPF summary screen (see Section 14.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 323 14.3.3 Virtual Link Add/Edit Screen The Virtual Link Add/Edit screen allows you to create a new virtual link or edit an existing one. When the OSPF add or edit screen (see Section 14.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 324 322) has the Type set to Normal, a Virtual Link table displays. Click either the Add icon or an entry and the Edit icon to display a screen like the following.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 325 Authentication Types Authentication is used to guarantee the integrity, but not the confidentiality, of routing updates.
Chapter 14 Routing Protocols ZyWALL USG 20/20W User’s Guide 326.
ZyWALL USG 20/20W User’s Guide 327 CHAPTER 15 Zones 15.1 Zones Overview Set up zones to configure network security and network policies in the ZyWALL. A zone is a group of interfaces and/or VPN tunnels. The ZyWALL uses zones instead of interfaces in many security and policy settings, such as firewall rules, Anti-X, and remote management.
Chapter 15 Zones ZyWALL USG 20/20W User’s Guide 328 15.1.2 What You Need to Know Effects of Zones on Different Types of Traffic Zones effectively divide traffic into three types--intra-zone traffic, inter-zone traffic, and extra-zone traffic--which are affected differently by zone-based security and policy settings.
Chapter 15 Zones ZyWALL USG 20/20W User’s Guide 329 15.2 The Zone Screen The Zone screen provides a summary of all zones. In addition, this screen allows you to add, edit, and remove zones. To access this screen, click Configuration > Network > Zone.
Chapter 15 Zones ZyWALL USG 20/20W User’s Guide 330 15.3 Zone Edit The Zone Edit screen allows you to add or edit a zone. To access this screen, go to the Zone screen (see Section 15.2 on page 329), and click the Add icon or an Edit icon. Figure 199 Network > Zone > Add The following table describes the labels in this screen.
ZyWALL USG 20/20W User’s Guide 331 CHAPTER 16 DDNS 16.1 DDNS Overview Dynamic DNS (DDNS) services let you use a domain name with a dynamic IP address. 16.1.1 What You Can Do in this Chapter • Use the DDNS screen (see Section 16.2 on page 332) to view a list of the configured DDNS domain names and their details.
Chapter 16 DDNS ZyWALL USG 20/20W User’s Guide 332 Note: Record your DDNS account’s user name, password, and domain name to use to configure the ZyWALL. After you configure the ZyWALL, it automatically sends updated IP addresses to the DDNS service provider, which helps redirect traffic accordingly.
Chapter 16 DDNS ZyWALL USG 20/20W User’s Guide 333 Primary Interface/IP This field displays the interface to use for updating the IP address mapped to the domain name followed by how the ZyWALL determines the IP address for the domain name. from interface - The IP address comes from the specified interface.
Chapter 16 DDNS ZyWALL USG 20/20W User’s Guide 334 16.2.1 The Dynamic DNS Add/Edit Screen The DDNS Add/Edit screen allows you to add a domain name to the ZyWALL or to edit the configuration of an existing domain name. Click Configuration > Network > DDNS and then an Add or Edit icon to open this screen.
Chapter 16 DDNS ZyWALL USG 20/20W User’s Guide 335 Username Type the user name used when you registered your domain name. You can use up to 31 alphanumeric characters and the underscore.
Chapter 16 DDNS ZyWALL USG 20/20W User’s Guide 336 IP Address The options available in this field vary by DDNS provider. Interface - The ZyWALL uses the IP address of the specified interface. This option appears when you select a specific interface in the Backup Binding Address Interface field.
ZyWALL USG 20/20W User’s Guide 337 CHAPTER 17 NAT 17.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.
Chapter 17 NAT ZyWALL USG 20/20W User’s Guide 338 17.1.2 What You Need to Know NAT is also known as virtual server, port forwarding, or port translation. Finding Out More • See Section 6.5.9 on page 98 for related information on these screens.
Chapter 17 NAT ZyWALL USG 20/20W User’s Guide 339 Remove To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so. Activate To turn on an entry, select it and click Activate. Inactivate To turn off an entry, select it and click Inactivate.
Chapter 17 NAT ZyWALL USG 20/20W User’s Guide 340 17.2.1 The NAT Add/Edit Screen The NAT Add/Edit screen lets you create new NAT rules and edit existing ones. To open this window, open the NAT summary screen. (See Section 17.2 on page 338.) Then, click on an Add icon or Edit icon to open the following screen.
Chapter 17 NAT ZyWALL USG 20/20W User’s Guide 341 Classification Select what kind of NAT this rule is to perform. Virtual Server - This makes computers on a private network behind the ZyWALL available to a public network outside the ZyWALL (like the Internet).
Chapter 17 NAT ZyWALL USG 20/20W User’s Guide 342 Mapped IP Subnet/Range This field displays for Many 1:1 NAT. Select to which translated destination IP address subnet or IP address range this NAT rule forwards packets. The original and mapped IP address subnets or ranges must have the same number of IP addresses.
Chapter 17 NAT ZyWALL USG 20/20W User’s Guide 343 17.3 NAT Technical Reference Here is more detailed information about NAT on the ZyWALL. NAT Loopback Suppose a NAT 1:1 rule maps a public IP address to the private IP address of a LAN SMTP e-mail server to give WAN users access.
Chapter 17 NAT ZyWALL USG 20/20W User’s Guide 344 For example, a LAN user’s computer at IP address 192.168.1.89 queries a public DNS server to resolve the SMTP server’s domain name (xxx.LAN-SMTP.com in this example) and gets the SMTP server’s mapped public IP address of 1.
Chapter 17 NAT ZyWALL USG 20/20W User’s Guide 345 SMTP server replied directly to the LAN user without the traffic going through NAT, the source would not match the original destination address which would cause the LAN user’s computer to shut down the session.
Chapter 17 NAT ZyWALL USG 20/20W User’s Guide 346.
ZyWALL USG 20/20W User’s Guide 347 CHAPTER 18 HTTP Redirect 18.1 Overview HTTP redirect forwards the client’s HTTP request (except HTTP traffic destined for the ZyWALL) to a web proxy server. In the following example, proxy server A is connected to the DMZ interface.
Chapter 18 HTTP Redirect ZyWALL USG 20/20W User’s Guide 348 18.1.2 What You Need to Know Web Proxy Server A proxy server helps client devices make indirect requests to access the Internet or outside network resources/services.
Chapter 18 HTTP Redirect ZyWALL USG 20/20W User’s Guide 349 Finding Out More See Section 6.5.10 on page 99 for related information on these screens. 18.2 The HTTP Redirect Screen To configure redirection of a HTTP request to a proxy server, click Configuration > Network > HTTP Redirect.
Chapter 18 HTTP Redirect ZyWALL USG 20/20W User’s Guide 350 18.2.1 The HTTP Redirect Edit Screen Click Network > HTTP Redirect to open the HTTP Redirect screen. Then click the Add or Edit icon to open the HTTP Redirect Edit screen where you can configure the rule.
ZyWALL USG 20/20W User’s Guide 351 CHAPTER 19 ALG 19.1 ALG Overview Application Layer Gateway (ALG) allows the following applications to operate properly through the ZyWALL’s NAT. • SIP - Session Initiation Protocol (SIP) - An application-layer protocol that can be used to create voice and multimedia sessions over Internet.
Chapter 19 ALG ZyWALL USG 20/20W User’s Guide 352 19.1.2 What You Need to Know Application Layer Gateway (ALG), NAT and Firewall The ZyWALL can function as an Application Layer Gateway (ALG) to allow certain NAT un-friendly applications (such as SIP) to operate properly through the ZyWALL’s NAT and firewall.
Chapter 19 ALG ZyWALL USG 20/20W User’s Guide 353 • There should be only one SIP server (total) on the ZyWALL’s private networks. Any other SIP servers must be on the WAN. So for example you could have a Back-to-Back User Agent such as the IPPBX x6004 or an asterisk PBX on the DMZ or on the LAN but not on both.
Chapter 19 ALG ZyWALL USG 20/20W User’s Guide 354 can receive incoming calls from the Internet, LAN IP addresses B and C can still make calls out to the Internet.
Chapter 19 ALG ZyWALL USG 20/20W User’s Guide 355 • See Section 19.3 on page 357 for ALG background/technical information. 19.1.3 Before You Begin You must also configure the firewall and enable NAT in the ZyWALL to allow sessions initiated from the WAN.
Chapter 19 ALG ZyWALL USG 20/20W User’s Guide 356 Enable Configure SIP Inactivity Timeout Select this option to have the ZyWALL apply SIP media and signaling inactivity time out limits.
Chapter 19 ALG ZyWALL USG 20/20W User’s Guide 357 19.3 ALG Technical Reference Here is more detailed information about the Application Layer Gateway. ALG Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in their packets’ data payload.
Chapter 19 ALG ZyWALL USG 20/20W User’s Guide 358 commands from a system running an FTP client. The service allows users to send commands to the server for uploading and downloading files. H.323 H.323 is a standard teleconferencing protocol suite that provides audio, data and video conferencing.
ZyWALL USG 20/20W User’s Guide 359 CHAPTER 20 IP/MAC Binding 20.1 IP/MAC Binding Overview IP address to MAC address binding helps ensure that only the intended devices get to use privileged IP addresses. The ZyWALL uses DHCP to assign IP addresses and records the MAC address to which it assigned each IP address.
Chapter 20 IP/MAC Binding ZyWALL USG 20/20W User’s Guide 360 20.1.2 What You Need to Know DHCP IP/MAC address bindings are based on the ZyWALL’s dynamic and static DHCP entries. Interfaces Used With IP/MAC Binding IP/MAC address bindings are grouped by interface.
Chapter 20 IP/MAC Binding ZyWALL USG 20/20W User’s Guide 361 20.2.1 IP/MAC Binding Edit Click Configuration > Network > IP/MAC Binding > Edit to open the IP/MAC Binding Edit screen. Use this screen to configure an interface’s IP to MAC address binding settings.
Chapter 20 IP/MAC Binding ZyWALL USG 20/20W User’s Guide 362 20.2.2 Static DHCP Edit Click Configuration > Network > IP/MAC Binding > Edit to open the IP/MAC Binding Edit screen. Click the Add or Edit icon to open the following screen. Use this screen to configure an interface’s IP to MAC address binding settings.
Chapter 20 IP/MAC Binding ZyWALL USG 20/20W User’s Guide 363 20.3 IP/MAC Binding Exempt List Click Configuration > Network > IP/MAC Binding > Exempt List to open the IP/MAC Binding Exempt List screen. Use this screen to configure ranges of IP addresses to which the ZyWALL does not apply IP/MAC binding.
Chapter 20 IP/MAC Binding ZyWALL USG 20/20W User’s Guide 364.
ZyWALL USG 20/20W User’s Guide 365 CHAPTER 21 Authentication Policy 21.1 Overview Use authentication policies to control who can access the network.
Chapter 21 Authentication Policy ZyWALL USG 20/20W User’s Guide 366 21.1.2 What You Need to Know Authentication Policy and VPN Authentication policies are applied based on a traffic flow’s source and destination IP addresses.
Chapter 21 Authentication Policy ZyWALL USG 20/20W User’s Guide 367 Click Configuration > Auth. Policy to display the screen. Figure 222 Configuration > Auth.
Chapter 21 Authentication Policy ZyWALL USG 20/20W User’s Guide 368 The following table gives an overview of the objects you can configure. Table 103 Configuration > Auth. Policy LABEL DESCRIPTION Enable Authentication Policy Select this to turn on the authentication policy feature.
Chapter 21 Authentication Policy ZyWALL USG 20/20W User’s Guide 369 21.2.1 Creating/Editing an Authentication Policy Click Configuration > Auth. Policy and then the Add (or Edit) icon to open the Endpoint Security Edit screen. Use this screen to configure an authentication policy.
Chapter 21 Authentication Policy ZyWALL USG 20/20W User’s Guide 370 Figure 224 Configuration > Auth. Policy > Add The following table gives an overview of the objects you can configure.
Chapter 21 Authentication Policy ZyWALL USG 20/20W User’s Guide 371 Schedule Select a schedule that defines when the policy applies. Otherwise, select none and the rule is always effective. This is none and not configurable for the default policy.
Chapter 21 Authentication Policy ZyWALL USG 20/20W User’s Guide 372.
ZyWALL USG 20/20W User’s Guide 373 CHAPTER 22 Firewall 22.1 Overview Use the firewall to block or allow services that use static port numbers. The firewall can also limit the number of user sessions. This figure shows the ZyWALL’s default firewall rules in action and demonstrates how stateful inspection works.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 374 22.1.2 What You Need to Know Stateful Inspection The ZyWALL has a stateful inspection firewall. The ZyWALL restricts access by screening data packets against defined access rules. It also inspects sessions.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 375 To-ZyWALL Rules Rules with ZyWALL as the To Zone apply to traffic going to the ZyWALL itself. By default: • The firewall allows only LAN, WLAN (USG 20W), or WAN computers to access or manage the ZyWALL.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 376 Firewall and VPN Traffic After you create a VPN tunnel and add it to a zone, you can set the firewall rules applied to VPN traffic.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 377 the firewall rule to always be in effect. The following figure shows the results of this rule. Figure 226 Blocking All LAN to WAN IRC Traffic Example Your firewall would have the following rules.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 378 Now you configure a LAN1 to WAN firewall rule that allows IRC traffic from the IP address of the CEO’s computer (192.168.1.7 for example) to go to any destination address. You do not need to specify a schedule since you want the firewall rule to always be in effect.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 379 • The first row allows any LAN1 computer to access the IRC service on the WAN by logging into the ZyWALL with the CEO’s user name. • The second row blocks LAN1 access to the IRC service on the WAN.
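The two IRC examples above only work if the exception sits above the general block rule. The following added sketch (not ZyXEL code and not part of the manual) models a first-match rule list for the LAN1 to WAN IRC case and reports rules that an earlier rule makes unreachable. The rule names, the staff address 192.168.1.20, the user name "ceo" and the allow-by-default action are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str            # hypothetical rule name
    from_zone: str
    to_zone: str
    source: str          # CIDR string or "any"
    service: str         # service object name or "any"
    action: str          # "allow" or "deny"
    user: str = "any"    # logged-in user name or "any"


@dataclass(frozen=True)
class Flow:
    from_zone: str
    to_zone: str
    src_ip: str
    service: str
    user: Optional[str] = None   # None means nobody is logged in


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches only if every one of its criteria matches the flow."""
    if (rule.from_zone, rule.to_zone) != (flow.from_zone, flow.to_zone):
        return False
    if rule.source != "any" and ip_address(flow.src_ip) not in ip_network(rule.source):
        return False
    if rule.service not in ("any", flow.service):
        return False
    return rule.user == "any" or rule.user == flow.user


def evaluate(rules: List[Rule], flow: Flow, default_action: str = "allow") -> Tuple[str, str]:
    """Apply rules in sequence; the first match decides (assumed default: allow)."""
    for index, rule in enumerate(rules, start=1):
        if rule_matches(rule, flow):
            return rule.action, f"#{index} {rule.name}"
    return default_action, "default"


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every flow that matches `later` also matches `earlier`."""
    if (earlier.from_zone, earlier.to_zone) != (later.from_zone, later.to_zone):
        return False
    if earlier.service not in ("any", later.service):
        return False
    if earlier.user not in ("any", later.user):
        return False
    if earlier.source == "any":
        return True
    if later.source == "any":
        return False
    return ip_network(later.source).subnet_of(ip_network(earlier.source))


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (unreachable rule, rule that hides it) pairs for a rule list."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed rules for the manual's scenario.
ALLOW_CEO_IP = Rule("Allow-CEO-IRC", "LAN1", "WAN", "192.168.1.7/32", "IRC", "allow")
ALLOW_CEO_USER = Rule("Allow-CEO-user-IRC", "LAN1", "WAN", "any", "IRC", "allow", user="ceo")
BLOCK_IRC = Rule("Block-IRC", "LAN1", "WAN", "any", "IRC", "deny")

CORRECT = [ALLOW_CEO_IP, BLOCK_IRC]        # exception first, block second
MISORDERED = [BLOCK_IRC, ALLOW_CEO_IP]     # block first: the exception never matches
USER_BASED = [ALLOW_CEO_USER, BLOCK_IRC]   # exception keyed on the login, not the IP

# Constructed sample flows.
CEO_PC = Flow("LAN1", "WAN", "192.168.1.7", "IRC")
STAFF_PC = Flow("LAN1", "WAN", "192.168.1.20", "IRC")
STAFF_WEB = Flow("LAN1", "WAN", "192.168.1.20", "HTTP")
CEO_ON_STAFF_PC = Flow("LAN1", "WAN", "192.168.1.20", "IRC", user="ceo")

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT), ("misordered", MISORDERED)):
        print(label, evaluate(rules, CEO_PC), shadowed_rules(rules))
```

Running a check like `shadowed_rules` over an exported rule list before applying it catches the misordering without having to test each exception by hand.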
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 380 5 The screen for configuring a service object opens. Configure it as follows and click OK. Figure 230 Firewall Example: Create a Service Object 6 Select From WAN and To LAN1. 7 Enter the name of the firewall rule.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 381 9 The firewall rule appears in the firewall rule summary. Figure 232 Firewall Example: Doom Rule in Summary 22.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 382 4 The ZyWALL then sends it to the computer on the LAN1 in Subnet 1. Figure 233 Using Virtual Interfaces to Avoid Asymmetrical Routes 22.2.1 Configuring the Firewall Screen Click Configuration > Firewall to open the Firewall screen.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 383 • The ordering of your rules is very important as rules are applied in sequence. Figure 234 Configuration > Firewall (USG 20W) The following table describes the labels in this screen.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 384 From Zone / To Zone This is the direction of travel of packets. Select from which zone the packets come and to which zone they go. Firewall rules are grouped based on the direction of travel of packets to which they apply.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 385 22.2.2 The Firewall Add/Edit Screen In the Firewall screen, click the Edit or Add icon to display the Firewall Rule Edit screen. Figure 235 Configuration > Firewall > Add The following table describes the labels in this screen.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 386 22.3 The Session Limit Screen Click Configuration > Firewall > Session Limit to display the Firewall Session Limit screen. Use this screen to limit the number of concurrent NAT/firewall sessions a client can use.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 387 individual limits for specific users, addresses, or both. The individual limit takes priority if you apply both. Figure 236 Configuration > Firewall > Session Limit The following table describes the labels in this screen.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 388 22.3.1 The Session Limit Add/Edit Screen Click Configuration > Firewall > Session Limit and the Add or Edit icon to display the Firewall Session Limit Edit screen. Use this screen to configure rules that define a session limit for specific users or addresses.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 389 User Select a user name or user group to which to apply the rule. The rule is activated only when the specified user logs into the system and the rule will be disabled when the user logs out. Otherwise, select any and there is no need for user logging.
Chapter 22 Firewall ZyWALL USG 20/20W User’s Guide 390.
ZyWALL USG 20/20W User’s Guide 391 CHAPTER 23 IPSec VPN 23.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 392 • Use the VPN Gateway screens (see Section 23.2.1 on page 396) to manage the ZyWALL’s VPN gateways. A VPN gateway specifies the IPSec routers at either end of a VPN tunnel and the IKE SA settings (phase 1 settings).
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 393 Application Scenarios The ZyWALL’s application scenarios make it easier to configure your VPN connection settings. Finding Out More • See Section 6.5.14 on page 101 for related information on these screens.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 394 • See Section 23.4 on page 415 for IPSec VPN background information. • See Section 5.4 on page 76 for the IPSec VPN quick setup wizard. • See Section 7.4 on page 116 for an example of configuring IPSec VPN.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 395 SA). Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 240 Configuration > VPN > IPSec VPN > VPN Connection Each field is discussed in the following table.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 396 23.2.1 The VPN Connection Add/Edit (IKE) Screen The VPN Connection Add/Edit Gateway screen allows you to create a new VPN connection policy or edit an existing one. To access this screen, go to the Configuration > VPN Connection screen (see Section 23.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 397 Figure 241 Configuration > VPN > IPSec VPN > VPN Connection > Edit (IKE).
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 398 Each field is described in the following table. Table 115 Configuration > VPN > IPSec VPN > VPN Connection > Edit LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 399 Manual Key Select this option to configure a VPN connection policy that uses a manual key instead of IKE key management. This may be useful if you have problems with IKE key management. See Section 23.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 400 Remove Select an entry and click this to delete it. # This field is a sequential value, and it is not associated with a specific proposal. The sequence of proposals should not affect performance significantly.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 401 Check Method Select how the ZyWALL checks the connection. The peer must be configured to respond to the method you select. Select icmp to have the ZyWALL regularly ping the address you specify to make sure traffic can still go through the connection.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 402 Inbound Traffic Source NAT This translation hides the source address of computers in the remote network. Source Select the address object that represents the original source address (or select Create Object to configure a new one).
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 403 23.2.2 The VPN Connection Add/Edit Manual Key Screen The VPN Connection Add/Edit Manual Key screen allows you to create a new VPN connection or edit an existing one using a manual key. This is useful if you have problems with IKE key management.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 404 Secure Gateway Address Type the IP address of the remote IPSec router in the IPSec SA. SPI Type a unique SPI (Security Parameter Index) between 256 and 4095. The SPI is used to identify the ZyWALL during authentication.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 405 Encryption Key This field is applicable when you select an Encryption Algorithm. Enter the encryption key, which depends on the encryption algorithm.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 406 23.3 The VPN Gateway Screen The VPN Gateway summary screen displays the IPSec VPN gateway policies in the ZyWALL, as well as the ZyWALL’s address, remote IPSec router’s address, and associated VPN connections for each one.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 407 23.3.1 The VPN Gateway Add/Edit Screen The VPN Gateway Add/Edit screen allows you to create a new VPN gateway policy or edit an existing one. To access this screen, go to the VPN Gateway summary screen (see Section 23.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 408 Figure 244 Configuration > VPN > IPSec VPN > VPN Gateway > Edit Each field is described in the following table.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 409 My Address Select how the IP address of the ZyWALL in the IKE SA is defined. If you select Interface, select the Ethernet interface, VLAN interface, virtual Ethernet interface, virtual VLAN interface or PPPoE/PPTP interface.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 410 Certificate Select this to have the ZyWALL and remote IPSec router use certificates to authenticate each other when they negotiate the IKE SA. Then select the certificate the ZyWALL uses to identify itself to the remote IPsec router.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 411 Peer ID Type Select which type of identification is used to identify the remote IPSec router during authentication.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 412 Content This field is disabled if the Peer ID Type is Any. Type the identity of the remote IPSec router during authentication.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 413 Negotiation Mode Select the negotiation mode to use to negotiate the IKE SA. Choices are Main - this encrypts the ZyWALL’s and remote IP.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 414 NAT Traversal Select this if any of these conditions are satisfied. • This IKE SA might be used to negotiate IPSec SAs that use ESP as the active protocol.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 415 23.4 IPSec VPN Background Information Here is some more detailed IPSec VPN background information. IKE SA Overview The IKE SA provides a secure connection between the ZyWALL and remote IPSec router.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 416 The ZyWALL sends one or more proposals to the remote IPSec router. (In some devices, you can only set up one proposal.) Each proposal consists of an encryption algorithm, authentication algorithm, and DH key group that the ZyWALL wants to use in the IKE SA.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 417 keys for the IKE SA and IPSec SA. In main mode, this is done in steps 3 and 4, as illustrated next. Figure 246 IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange DH public-key cryptography is based on DH key groups.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 418 Router identity consists of ID type and content. The ID type can be domain name, IP address, or e-mail address, and the content is a (properly-formatted) domain name, IP address, or e-mail address.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 419 the identity of the remote IPSec router (for example, extended authentication) or if you are troubleshooting a VPN tunnel. Additional Topics for IKE SA This section provides more information about IKE SA.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 420 If router A does NAT, it might change the IP addresses, port numbers, or both. If router X and router Y try to establish a VPN tunnel, the authentication fails because it depends on this information.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 421 Certificates It is possible for the ZyWALL and remote IPSec router to authenticate each other with certificates. In this case, you do not have to set up the pre-shared key, local identity, or remote identity because the certificates provide this information instead.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 422 Encapsulation There are two ways to encapsulate packets. Usually, you should use tunnel mode because it is more secure.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 423 If you enable PFS, the ZyWALL and remote IPSec router perform a DH key exchange every time an IPSec SA is established, changing the root key from which encryption keys are generated. As a result, if one encryption key is compromised, other encryption keys remain secure.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 424 NAT for Inbound and Outbound Traffic The ZyWALL can translate the following types of network addresses in IPSec SA.
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 425 • Destination - the original destination address; the remote network (B). • SNAT - the translated source address; the local network (A).
Chapter 23 IPSec VPN ZyWALL USG 20/20W User’s Guide 426.
ZyWALL USG 20/20W User’s Guide 427 CHAPTER 24 SSL VPN 24.1 Overview Use SSL VPN to allow users to use a web browser for secure remote user login (the remote users do not need a VPN router or VPN client software). 24.1.1 What You Can Do in this Chapter • Use the VPN > SSL VPN > Access Privilege screens (see Section 24.
Chapter 24 SSL VPN ZyWALL USG 20/20W User’s Guide 428 • apply Endpoint Security (EPS) checking to require users’ computers to comply with defined corporate policies before they can access the SSL VPN tunnel. • limit user access to specific applications or files on the network.
Chapter 24 SSL VPN ZyWALL USG 20/20W User’s Guide 429 24.2 The SSL Access Privilege Screen Click VPN > SSL VPN to open the Access Privilege screen. This screen lists the configured SSL access policies. Figure 252 VPN > SSL VPN > Access Privilege The following table describes the labels in this screen.
Chapter 24 SSL VPN ZyWALL USG 20/20W User’s Guide 430 24.2.1 The SSL Access Policy Add/Edit Screen To create a new or edit an existing SSL access policy, click the Add or Edit icon in the Access Privilege screen. Figure 253 VPN > SSL VPN > Access Privilege > Add/Edit Apply Click Apply to save the settings.
Chapter 24 SSL VPN ZyWALL USG 20/20W User’s Guide 431 The following table describes the labels in this screen. Table 123 VPN > SSL VPN > Access Privilege > Add/Edit LABEL DESCRIPTION Create new Object Use to configure any new settings objects that you need to use in this screen.
Chapter 24 SSL VPN ZyWALL USG 20/20W User’s Guide 432 Available EPS Objects / Selected EPS Objects Configured endpoint security objects appear on the left. Select the endpoint security objects to use for this SSL access policy and click the right arrow button to add them to the selected list on the right.
Chapter 24 SSL VPN ZyWALL USG 20/20W User’s Guide 433 24.3 The SSL Global Setting Screen Click VPN > SSL VPN and click the Global Setting tab to display the following screen.
Chapter 24 SSL VPN ZyWALL USG 20/20W User’s Guide 434 24.3.1 How to Upload a Custom Logo Follow the steps below to upload a custom logo to display on the remote user SSL VPN screens. 1 Click VPN > SSL VPN and click the Global Setting tab to display the configuration screen.
Chapter 24 SSL VPN ZyWALL USG 20/20W User’s Guide 435 The following shows an example logo on the remote user screen. Figure 255 Example Logo Graphic Display 24.4 Establishing an SSL VPN Connection After you have configured the SSL VPN settings on the ZyWALL, use the ZyWALL login screen’s SSL VPN button to establish an SSL VPN connection.
Chapter 24 SSL VPN ZyWALL USG 20/20W User’s Guide 436 2 SSL VPN connection starts. This may take several minutes depending on your network connection. Once the connection is up, you should see the client portal screen. The following shows an example.
ZyWALL USG 20/20W User’s Guide 437 CHAPTER 25 SSL User Screens 25.1 Overview This chapter introduces the remote user SSL VPN screens. The following figure shows a network example where a remote user (A) logs into the ZyWALL from the Internet to access the web server (WWW) on the local network.
Chapter 25 SSL User Screens ZyWALL USG 20/20W User’s Guide 438 System Requirements Here are the browser and computer system requirements for remote user access. • Windows 7 (32 or 64-bit), Vista (32 or 64-bit), 2003 (32-bit), XP (32-bit), or 2000 (32-bit) • Internet Explorer 7 and above or Firefox 1.
Chapter 25 SSL User Screens ZyWALL USG 20/20W User’s Guide 439 1 Open a web browser and enter the web site address or IP address of the ZyWALL. For example, “http://sslvpn.mycompany.com”. Figure 259 Enter the Address in a Web Browser 2 Click OK or Yes if a security screen displays.
Chapter 25 SSL User Screens ZyWALL USG 20/20W User’s Guide 440 5 Your computer starts establishing a secure connection to the ZyWALL after a successful login. This may take up to two minutes. If you get a message about needing Java, download and install it and restart your browser and re-login.
Chapter 25 SSL User Screens ZyWALL USG 20/20W User’s Guide 441 7 The ZyWALL tries to install the SecuExtender client. You may need to click a pop-up to get your browser to allow this. In Internet Explorer, click Install. Figure 264 SecuExtender Blocked by Internet Explorer 8 The ZyWALL tries to run the “ssltun” application.
Chapter 25 SSL User Screens ZyWALL USG 20/20W User’s Guide 442 10 If a screen like the following displays, click Continue Anyway to finish installing the SecuExtender client on your computer. Figure 267 Hardware Installation Warning 11 The Application screen displays showing the list of resources available to you.
Chapter 25 SSL User Screens ZyWALL USG 20/20W User’s Guide 443 25.3 The SSL VPN User Screens This section describes the main elements in the remote user screens. Figure 268 Remote User Screen The following table describes the various parts of a remote user screen.
Chapter 25 SSL User Screens ZyWALL USG 20/20W User’s Guide 444 25.4 Bookmarking the ZyWALL You can create a bookmark of the ZyWALL by clicking the Add to Favorite icon. This allows you to access the ZyWALL using the bookmark without having to enter the address every time.
Chapter 25 SSL User Screens ZyWALL USG 20/20W User’s Guide 445 3 An information screen displays to indicate that the SSL VPN connection is about to terminate.
Chapter 25 SSL User Screens ZyWALL USG 20/20W User’s Guide 446.
ZyWALL USG 20/20W User’s Guide 447 CHAPTER 26 SSL User Application Screens 26.1 SSL User Application Screens Overview Use the Application screen to access web-based applications (such as web sites and e-mail) on the network through the SSL VPN connection.
Chapter 26 SSL User Application Screens ZyWALL USG 20/20W User’s Guide 448.
ZyWALL USG 20/20W User’s Guide 449 CHAPTER 27 ZyWALL SecuExtender The ZyWALL automatically loads the ZyWALL SecuExtender client program to your computer after a successful login. The ZyWALL SecuExtender lets you: • Access servers, remote desktops and manage files as if you were on the local network.
Chapter 27 ZyWALL SecuExtender ZyWALL USG 20/20W User’s Guide 450 27.2 Statistics Right-click the ZyWALL SecuExtender icon in the system tray and select Status to open the Status screen. Use this screen to view the ZyWALL SecuExtender’s statistics.
Chapter 27 ZyWALL SecuExtender ZyWALL USG 20/20W User’s Guide 451 27.3 View Log If you have problems with the ZyWALL SecuExtender, customer support may request you to provide information from the log. Right-click the ZyWALL SecuExtender icon in the system tray and select Log to open a notepad file of the ZyWALL SecuExtender’s log.
Chapter 27 ZyWALL SecuExtender ZyWALL USG 20/20W User’s Guide 452 connected but not send any traffic through it until you right-click the icon and resume the connection. 27.5 Stop the Connection Right-click the icon and select Stop Connection to disconnect the SSL VPN tunnel.
ZyWALL USG 20/20W User’s Guide 453 CHAPTER 28 Bandwidth Management 28.1 Overview Bandwidth management provides a convenient way to manage the use of various services on the network.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 454 in a network by grouping similar types of traffic together and treating each type as a class.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 455 Outbound and Inbound Bandwidth Limits You can limit an application’s outbound or inbound bandwidth. This limit keeps the traffic from using up too much of the out-going interface’s bandwidth.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 456 Unused bandwidth is divided equally. Higher priority traffic does not get a larger portion of the unused bandwidth. Bandwidth Management Behavior The following sections show how bandwidth management behaves with various settings.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 457 Maximize Bandwidth Usage Effect With maximize bandwidth usage enabled, after each server gets its configured rate, the rest of the available bandwidth is divided equally between the two.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 458 Here is an overview of what the rules need to accomplish. See the following sections for more details. • SIP traffic from VIP users must get through with the least possible delay regardless of if it is an outgoing call or an incoming call.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 459 • Enable maximize bandwidth usage so the SIP traffic can borrow unused bandwidth. Figure 282 SIP Any to WAN Bandwidth Management Example 28.1.3.3 SIP WAN to Any Bandwidth Management Example You also create a policy for calls coming in from the SIP server on the WAN.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 460 28.1.3.5 FTP WAN to DMZ Bandwidth Management Example • ADSL supports more downstream than upstream so you allow remote users 300 kbps for uploads to the DMZ FTP server (outbound) but only 100 kbps for downloads (inbound).
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 461 28.2 The Bandwidth Management Screen The Bandwidth management screen controls the default policy for TCP and UDP traffic.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 462 # This field is a sequential value, and it is not associated with a specific condition.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 463 28.2.1 The Bandwidth Management Add/Edit Screen The Configuration > Bandwidth Management Add/Edit screen allows you to create a new condition or edit an existing one. To access this screen, go to the Configuration > Bandwidth Management screen (see Section 28.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 464 The following table describes the labels in this screen. Table 132 Configuration > Bandwidth Management LABEL DESCRIPTION Create new Object Use to configure any new settings objects that you need to use in this screen.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 465 Inbound kbps Type how much inbound bandwidth, in kilobits per second, this policy allows the traffic to use. Inbound refers to the traffic the ZyWALL sends to a connection’s initiator.
Chapter 28 Bandwidth Management ZyWALL USG 20/20W User’s Guide 466.
ZyWALL USG 20/20W User’s Guide 467 CHAPTER 29 ADP 29.1 Overview This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and applying an ADP profile to a traffic direction. ADP protects against anomalies based on violations of protocol standards (RFCs – Requests for Comments) and abnormal flows such as port scans.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 468 ADP Profile An ADP profile is a set of traffic anomaly rules and protocol anomaly rules that you can activate as a set and configure common log and action settings. You can apply ADP profiles to traffic flowing from one zone to another.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 469 29.2 The ADP General Screen Click Configuration > Anti-X > ADP > General. Use this screen to turn anomaly detection on or off and apply anomaly profiles to traffic directions.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 470 29.3 The Profile Summary Screen Use this screen to: • Create a new profile using an existing base profile • Edit an existing profile • Delete an existing profile Status The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 471 29.3.1 Base Profiles The ZyWALL comes with base profiles. You use base profiles to create new profiles. In the Configuration > Anti-X > ADP > Profile screen, click Add to display the following screen.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 472 The following table describes the fields in this screen. 29.3.3 Creating New ADP Profiles You may want to create a new profile if not all rules in a base profile are applicable to your network.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 473 belonging to this profile, make sure you have clicked OK or Save to save the changes before selecting the Traffic Anomaly tab.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 474 The following table describes the fields in this screen. Table 136 Configuration > ADP > Profile > Traffic Anomaly LABEL DESCRIPTION Name This is the name of the ADP profile.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 475 29.3.5 Protocol Anomaly Profiles Protocol anomaly is the third screen in an ADP profile. Protocol anomaly (PA) rules check for protocol compliance against the relevant RFC (Request for Comments).
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 476 Figure 292 Profiles: Protocol Anomaly.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 477 The following table describes the fields in this screen. Table 137 Configuration > ADP > Profile > Protocol Anomaly LABEL DESCRIPTION Name This is the name of the profile.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 478 Action To edit what action the ZyWALL takes when a packet matches a signature, select the signature and use the Action icon. original setting: Select this action to return each signature in a service group to its previously saved configuration.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 479 29.4 ADP Technical Reference This section is divided into traffic anomaly background information and protocol anomaly background information. Traffic Anomaly Background Information The following sections may help you configure the traffic anomaly profile screen (Section 29.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 480 Decoy Port Scans Decoy port scans are scans where the attacker has spoofed the source address. These are some decoy scan types: • TCP Decoy Portscan • UDP Decoy Portscan • IP Decoy Portscan Distributed Port Scans Distributed port scans are many-to-one port scans.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 481 Flood Detection Flood attacks saturate a network with useless data, use up all available bandwidth, and therefore make communications in the network impossible.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 482 the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established. Figure 294 TCP Three-Way Handshake A SYN flood attack is when an attacker sends a series of SYN packets.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 483 UDP Flood Attack UDP is a connection-less protocol and it does not require any connection set up procedure to transfer data. A UDP flood attack is possible when an attacker sends a UDP packet to a random port on the victim system.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 484 DOUBLE-ENCODING ATTACK This rule is IIS specific. IIS does two passes through the request URI, doing decodes in each one. In the first pass, IIS encoding (UTF-8 unicode, ASCII, bare byte, and %u) is done.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 485 WEBROOT-DIRECTORY-TRAVERSAL ATTACK This is when a directory traversal traverses past the web server root directory.
Chapter 29 ADP ZyWALL USG 20/20W User’s Guide 486 TRUNCATED-HEADER ATTACK This is when an ICMP packet is sent which has an ICMP datagram length of less than the ICMP header length.
ZyWALL USG 20/20W User’s Guide 487 CHAPTER 30 Content Filtering 30.1 Overview Use the content filtering feature to control access to specific web sites or web content. 30.1.1 What You Can Do in this Chapter • Use the General screens (Section 30.
Chapter 30 Content Filtering ZyWALL USG 20/20W User’s Guide 488 Content Filtering Profiles A content filtering profile conveniently stores your custom settings for the following features.
Chapter 30 Content Filtering ZyWALL USG 20/20W User’s Guide 489 Since the ZyWALL checks the URL’s domain name (or IP address) and file path separately, it will not find items that go across the two. For example, with the URL www.zyxel.
Chapter 30 Content Filtering ZyWALL USG 20/20W User’s Guide 490 your list of content filter policies, create a denial of access message or specify a redirect URL and check your external web filtering service registration status.
Chapter 30 Content Filtering ZyWALL USG 20/20W User’s Guide 491 Move To change an entry’s position in the numbered list, select it and click Move to display a field to type a number for where you want to put that entry and press [ENTER] to move the entry to the number that you typed.
Chapter 30 Content Filtering ZyWALL USG 20/20W User’s Guide 492 30.3 Content Filter Policy Add or Edit Screen Click Configuration > Anti-X > Content Filter > General > Add or Edit to open the Content Filter Policy screen.
Chapter 30 Co n te nt Fi lt er ing ZyWALL USG 20/20W User’s Guide 493 filter policy . A content filter policy defi nes which content filter p rofile should be applied, when it should be app lied, and to whose web access it shoul d be applied.
Chapter 30 Content Filtering ZyWALL USG 20/20W User’s Guide 494 30.4 Content Filter Profile Screen Click Configuration > Anti-X > Content Filter > Filter Profile to open the Filter Profile screen. A content filter profile de fines to which web se rvices, web sites or web site categories acce ss is to be all owed or denied.
Chapter 30 Co n te nt Fi lt er ing ZyWALL USG 20/20W User’s Guide 495 See Chapter 31 on page 513 for how to view content filtering reports. Figure 299 Configu ration > Anti-X > Content Filter .
Chapter 30 Content Filtering ZyWALL USG 20/20W User’s Guide 496 Figure 300 Configu ration > Anti-X > Content Filter > Filter Profile > Add (Co ntinue).
The following table describes the labels in this screen.
Table 142 Configuration > Anti-X > Content Filter > Filter Profile > Add
LABEL: DESCRIPTION
License Status: This read-only field displays the status of your content-filtering database service registration.
Action for Unsafe Web Pages: Select Pass to allow users to access web pages that match the unsafe categories that you select below. Select Block to prevent users from accessing web pages that match the unsafe categories that you select below.
Action When Category Server Is Unavailable: Select Pass to allow users to access any requested web page if the external content filtering database is unavailable. Select Block to block access to any requested web page if the external content filtering database is unavailable.
Spyware Effects/Privacy Concerns: This category includes pages to which spyware (as defined in the Spyware/Malware Sources category) reports its findings or from which it alone downloads advertisements.
Nudity: This category includes pages containing nude or seminude depictions of the human body. These depictions are not necessarily sexual in intent or effect, but may include pages containing nude paintings or photo galleries of artistic nature.
Security Concerns
Hacking: This category includes pages that distribute, promote, or provide hacking tools and/or information which may help gain unauthorized access to computer systems and/or computerized communication systems.
Alternative Spirituality/Occult: This category includes pages that promote and provide information on religions such as Wicca, Witchcraft or Satanism. Occult practices, atheistic views, voodoo rituals or any other form of mysticism are represented here.
Greeting Cards: This category includes pages that facilitate the sending of electronic greeting cards, animated cards, or similar electronic messages typically used to mark an event or occasion.
Abortion: This category includes pages that provide information or arguments in favor of or against abortion, describe abortion procedures, offer help in obtaining or avoiding abortion, or provide information on the effects, or lack thereof, of abortion.
Humor/Jokes: This category includes pages that primarily focus on comedy, jokes, fun, etc. This may include pages containing jokes of adult or mature nature. Pages containing humorous Adult/Mature content also have an Adult/Mature category rating.
Content Servers: This category includes servers that provide commercial hosting for a variety of content such as images and media files. These types of servers are typically used in conjunction with other web servers to optimize content retrieval speeds.
30.5.1 Content Filter Blocked and Warning Messages
These are the content filtering warning messages: 30.
keyword. Use this screen to add or remove specific sites or keywords from the filter list.
Figure 301 Configuration > Anti-X > Content Filter > Filter Profile > Customization
The following table describes the labels in this screen.
Block ActiveX: ActiveX is a tool for building dynamic and active web pages and distributed object applications. When you visit an ActiveX web site, ActiveX controls are downloaded to your browser, where they remain in case you visit the site again.
30.7 Content Filter Technical Reference
This section provides content filtering background information.
Forbidden Web Sites: This list displays the forbidden web sites already added.
External Content Filter Server Lookup Procedure
The content filter lookup process is described below.
Figure 302 Content Filter Lookup Procedure
1 A computer behind the ZyWALL tries to access a web site.
CHAPTER 31 Content Filter Reports
31.1 Overview
You can view content filtering reports after you have activated the category-based content filtering subscription service. See Section 10.1 on page 211 on how to create a myZyXEL.
2 Fill in your myZyXEL.com account information and click Login.
Figure 303 myZyXEL.
3 A welcome screen displays. Click your ZyWALL’s model name and/or MAC address under Registered ZyXEL Products (the ZyWALL 70 is shown as an example here).
4 In the Service Management screen click Content Filter in the Service Name column to open the content filter reports screens.
Figure 305 myZyXEL.com: Service Management
5 In the Web Filter Home screen, click the Reports tab.
6 Select items under Global Reports to view the corresponding reports.
Figure 307 Content Filter Reports: Report Home
7 Select .
8 A chart and/or list of requested web site categories display in the lower half of the screen.
9 You can click a category in the Categories report or click URLs in the Report Home screen to see the URLs that were requested.
CHAPTER 32 Anti-Spam
32.1 Overview
The anti-spam feature can mark or discard spam (unsolicited commercial or junk e-mail). Use the white list to identify legitimate e-mail. Use the black list to identify spam e-mail.
Black List
Configure black list entries to identify spam. The black list entries have the ZyWALL classify any e-mail that is from or forwarded by a specified IP address or uses a specified header field and header value as being spam.
E-mail Header Buffer Size
The ZyWALL has a 5 K buffer for an individual e-mail header. If an e-mail’s header is longer than 5 K, the ZyWALL only checks up to the first 5 K.
spam policies. You can also select the action the ZyWALL takes when the mail sessions threshold is reached.
Figure 310 Configuration > Anti-X > Anti-Spam > General
The following table describes the labels in this screen.
32.3.1 The Anti-Spam Policy Add or Edit Screen
Click the Add or Edit icon in the Configuration > Anti-X > Anti-Spam > General screen to display the configuration screen as shown next.
check, which e-mail protocols to scan, the scanning options, and the action to take on spam traffic.
Figure 311 Configuration > Anti-X > Anti-Spam > General > Add
The following table describes the labels in this screen.
32.4 The Anti-Spam Black List Screen
Click Configuration > Anti-X > Anti-Spam > Black/White List to display the Anti-Spam Black List screen. Configure the black list to identify spam e-mail.
specific subject text. Click a column’s heading cell to sort the table entries by that column’s criteria.
32.4.1 The Anti-Spam Black or White List Add/Edit Screen
In the anti-spam Black List or White List screen, click the Add icon or an Edit icon to display the following screen. Use this screen to configure an anti-spam black list entry to identify spam e-mail.
32.4.2 Regular Expressions in Black or White List Entries
The following applies for a black or white list entry based on an e-mail subject, e-mail address, or e-mail header value.
• Use a question mark (?) to let a single character vary.
32.5 The Anti-Spam White List Screen
Click Configuration > Anti-X > Anti-Spam > Black/White List and then the White List tab to display the Anti-Spam White List screen. Configure the white list to identify legitimate e-mail.
32.6 The DNSBL Screen
Click Configuration > Anti-X > Anti-Spam > DNSBL to display the anti-spam DNSBL screen.
The following table describes the labels in this screen.
Table 150 Configuration > Anti-X > Anti-Spam > DNSBL
LABEL: DESCRIPTION
Show Advance Settings / Hide Advance Settings: Click this button to display a greater or lesser number of configuration fields.
32.7 Anti-Spam Technical Reference
Here is more detailed anti-spam information.
DNSBL
• The ZyWALL checks only public sender and relay IP addresses; it does not check private IP addresses.
Here is an example of an e-mail classified as spam based on DNSBL replies.
Figure 316 DNSBL Spam Detection Example
1 The ZyWALL receives an e-mail that was sent from IP address a.a.a.a and relayed by an e-mail server at IP address b.
Here is an example of an e-mail classified as legitimate based on DNSBL replies.
Figure 317 DNSBL Legitimate E-mail Detection Example
1 The ZyWALL receives an e-mail that was sent from IP address c.
If the ZyWALL receives conflicting DNSBL replies for an e-mail routing IP address, the ZyWALL classifies the e-mail as spam. Here is an example.
Figure 318 Conflicting DNSBL Replies Example
1 The ZyWALL receives an e-mail that was sent from IP address a.
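The three DNSBL outcomes described above (spam, legitimate, conflicting replies) can be modelled as follows. This is an added example, not ZyXEL code: the zone names, the sample addresses and replies, the standard reversed-octet DNSBL query format, the choice of the RFC 1918 ranges as "private", and the rule that a single listed reply for any checked address makes the e-mail spam are all assumptions.

```python
import ipaddress

# Assumption: "private" means the RFC 1918 ranges.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Standard DNSBL convention: an A record inside 127.0.0.0/8 means "listed".
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed DNSBL zones and records (not real services or data).
ZONES = ["dnsbl-one.example", "dnsbl-two.example"]
RECORDS = {
    # Relay 198.51.100.7 is listed by the second zone only (conflicting replies).
    "7.100.51.198.dnsbl-two.example": "127.0.0.2",
    # A record for a private address; it must never be looked up.
    "5.0.0.10.dnsbl-one.example": "127.0.0.2",
}


def is_private(ip):
    """True if ip falls in one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the DNSBL zone name."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(answer):
    """None models NXDOMAIN (not listed); a 127.0.0.0/8 answer means listed."""
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET


def classify(routing_ips, zones, resolve):
    """Classify one e-mail from the sender and relay IPs on its route.

    resolve(name) returns the A record as a string, or None for NXDOMAIN.
    Returns (verdict, replies, conflicting): replies maps each checked IP to
    {zone: listed?}; conflicting lists IPs whose zones disagree.
    """
    replies = {}
    for ip in routing_ips:
        if is_private(ip):
            continue  # only public sender and relay addresses are checked
        replies[ip] = {zone: is_listed(resolve(dnsbl_query_name(ip, zone)))
                       for zone in zones}
    conflicting = [ip for ip, r in replies.items() if len(set(r.values())) > 1]
    # Assumed rule: any listed reply, including a conflicting one, means spam.
    spam = any(listed for r in replies.values() for listed in r.values())
    return ("spam" if spam else "legitimate"), replies, conflicting


if __name__ == "__main__":
    cases = {
        "listed relay": ["192.0.2.10", "198.51.100.7"],
        "clean route": ["203.0.113.5", "203.0.113.9"],
        "private hop skipped": ["10.0.0.5", "203.0.113.5"],
    }
    for label, ips in cases.items():
        verdict, _, conflicting = classify(ips, ZONES, RECORDS.get)
        print(f"{label}: {verdict} (conflicting replies for: {conflicting})")
```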
CHAPTER 33 User/Group
33.1 Overview
This chapter describes how to set up user accounts, user groups, and user settings for the ZyWALL. You can also set up rules that control when users have to log in to the ZyWALL before the ZyWALL routes traffic for them.
Note: The default admin account is always authenticated locally, regardless of the authentication method setting. (See Chapter 37 on page 573 for more information about authentication methods.
See Setting up User Attributes in an External Server on page 553 for a list of attributes and how to set up the attributes in an external server.
33.2 User Summary Screen
The User screen provides a summary of all user accounts. To access this screen, log in to the Web Configurator, and click Configuration > Object > User/Group.
• - [dashes]
The first character must be alphabetical (A-Z a-z), an underscore (_), or a dash (-).
The following table describes the labels in this screen.
Table 153 Configuration > User/Group > User > Add
LABEL: DESCRIPTION
User Name: Type the user name for this user account.
33.3 User Group Summary Screen
User groups consist of access users and other user groups. You cannot put admin users in user groups. The Group screen provides a summary of all user groups.
33.3.1 Group Add/Edit Screen
The Group Add/Edit screen allows you to create a new user group or edit an existing one. To access this screen, go to the Group screen (see Section 33.3 on page 545), and click either the Add icon or an Edit icon.
33.4 Setting Screen
The Setting screen controls default settings, login settings, lockout settings, and other user settings for the ZyWALL. You can also use this screen to specify when users must log in to the ZyWALL before it routes traffic for them.
To access this screen, log in to the Web Configurator, and click Configuration > Object > User/Group > Setting.
Figure 323 Configuration > Object > User/Group > Setting
The following table describes the labels in this screen.
User Type: These are the kinds of user account the ZyWALL supports.
• admin - this user can look at and change the configuration of the Z .
33.4.1 Default User Authentication Timeout Settings Edit Screens
The Default Authentication Timeout Settings Edit screen allows you to set the default authentication timeout settings for the selected type of user account.
To access this screen, go to the Configuration > Object > User/Group > Setting screen (see Section 33.4 on page 547), and click one of the Default Authentication Timeout Settings section’s Edit icons.
33.4.2 User Aware Login Example
Access users cannot use the Web Configurator to browse the configuration of the ZyWALL. Instead, after access users log into the ZyWALL, the following screen appears.
33.5 User/Group Technical Reference
This section provides some information on users who use an external authentication server in order to log in.
CHAPTER 34 Addresses
34.1 Overview
Address objects can represent a single IP address or a range of IP addresses. Address groups are composed of address objects and other address groups.
34.1.1 What You Can Do in this Chapter
• The Address screen (Section 34.
• RANGE - a range address is defined by a Starting IP Address and an Ending IP Address.
• SUBNET - a network address is defined by a Network IP address and Netmask subnet mask.
The Address screen provides a summary of all addresses in the ZyWALL.
34.2.1 Address Add/Edit Screen
The Configuration > Address Add/Edit screen allows you to create a new address or edit an existing one. To access this screen, go to the Address screen (see Section 34.
34.3 Address Group Summary Screen
The Address Group screen provides a summary of all address groups. To access this screen, click Configuration > Object > Address > Address Group.
34.3.1 Address Group Add/Edit Screen
The Address Group Add/Edit screen allows you to create a new address group or edit an existing one. To access this screen, go to the Address Group screen (see Section 34.
CHAPTER 35 Services
35.1 Overview
Use service objects to define TCP applications, UDP applications, and ICMP messages. You can also create service groups to refer to multiple service objects in other features.
35.
Both TCP and UDP use ports to identify the source and destination. Each port is a 16-bit number. Some port numbers have been standardized and are used by low-level system processes; many others have no particular meaning.
entries by that column’s criteria. Click the heading cell again to reverse the sort order.
Figure 332 Configuration > Object > Service > Service
The following table describes the labels in this screen.
35.2.1 The Service Add/Edit Screen
The Service Add/Edit screen allows you to create a new service or edit an existing one. To access this screen, go to the Service screen (see Section 35.2 on page 562), and click either the Add icon or an Edit icon.
To access this screen, log in to the Web Configurator, and click Configuration > Object > Service > Service Group.
Figure 334 Configuration > Object > Service > Service Group
The following table describes the labels in this screen.
35.3.1 The Service Group Add/Edit Screen
The Service Group Add/Edit screen allows you to create a new service group or edit an existing one. To access this screen, go to the Service Group screen (see Section 35.
CHAPTER 36 Schedules
36.1 Overview
Use schedules to set up one-time and recurring schedules for policy routes, firewall rules, and content filtering. The ZyWALL supports one-time and recurring schedules. One-time schedules are effective only once, while recurring schedules usually repeat.
Finding Out More
• See Section 6.6 on page 103 for related information on these screens.
• See Section 43.4 on page 631 for information about the ZyWALL’s current date and time.
36.
36.2.1 The One-Time Schedule Add/Edit Screen
The One-Time Schedule Add/Edit screen allows you to define a one-time schedule or edit an existing one. To access this screen, go to the Schedule screen (see Section 36.
36.2.2 The Recurring Schedule Add/Edit Screen
The Recurring Schedule Add/Edit screen allows you to define a recurring schedule or edit an existing one. To access this screen, go to the Schedule screen
Date Time
StartDate: Specify the year, month, and day when the schedule begins.
(see Section 36.2 on page 568), and click either the Add icon or an Edit icon in the Recurring section.
Figure 338 Configuration > Object > Schedule > Edit (Recurring)
The Year, Month, and Day columns are not used in recurring schedules and are disabled in this screen.
CHAPTER 37 AAA Server
37.1 Overview
You can use an AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be an Active Directory, LDAP, or RADIUS server.
37.1.2 RADIUS Server
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device.
• Use the Configuration > Object > AAA Server > RADIUS screen (Section 37.3 on page 579) to configure the default external RADIUS server to use for user authentication.
37.1.
organizational boundaries. The following figure shows a basic directory structure branching from countries to organizations to organizational units to individuals.
Figure 341 Basic Directory Structure
Distinguished Name (DN)
A DN uniquely identifies an entry in a directory.
• See Section 7.6 on page 124 for an example of how to use a RADIUS server to authenticate user accounts based on groups.
following screen. Use this screen to create a new AD or LDAP entry or edit an existing one.
Figure 343 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add
The following table describes the labels in this screen.
37.3 RADIUS Server Summary
Use the RADIUS screen to manage the list of RADIUS servers the ZyWALL can use in authenticating users.
Base DN: Specify the directory (up to 127 alphanumerical characters).
Click Configuration > Object > AAA Server > RADIUS to display the RADIUS screen.
Figure 344 Configuration > Object > AAA Server > RADIUS
The following table describes the labels in this screen.
37.3.1 Adding a RADIUS Server
Click Configuration > Object > AAA Server > RADIUS to display the RADIUS screen. Click the Add icon or an Edit icon to display the following screen. Use this screen to create a new AD or LDAP entry or edit an existing one.
Timeout: Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects from the RADIUS server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the RADIUS server or the RADIUS server is down.
CHAPTER 38 Authentication Method
38.1 Overview
Authentication method objects set how the ZyWALL authenticates wireless, HTTP/HTTPS clients, and peer IPSec routers (extended authentication) clients.
3 Select Server Mode and select an authentication method object from the drop-down list box.
4 Click OK to save the settings.
Figure 346 Example: Using Authentication Method in VPN
38.
38.2.1 Creating an Authentication Method Object
Follow the steps below to create an authentication method object.
1 Click Configuration > Object > Auth. Method.
2 Click Add.
7 Click OK to save the settings or click Cancel to discard all changes and return to the previous screen.
Figure 348 Configuration > Object > Auth. Method > Add
The following table describes the labels in this screen.
Add icon: Click Add to add a new entry. Click Edit to edit the settings of an entry. Click Delete to delete an entry.
OK: Click OK to save the changes.
Cancel: Click Cancel to discard the changes.
CHAPTER 39 Certificates
39.1 Overview
The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
2 Tim keeps the private key and makes the public key openly available. This means that anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not.
Factory Default Certificate
The ZyWALL generates its own unique self-signed certificate when you first turn it on. This certificate is referred to in the GUI as the factory default certificate.
2 Make sure that the certificate has a “.cer” or “.crt” file name extension.
Figure 349 Remote Host Certificates
3 Double-click the certificate’s icon to open the Certificate window.
39.2 The My Certificates Screen
Click Configuration > Object > Certificate > My Certificates to open the My Certificates screen. This is the ZyWALL’s summary list of certificates and certification requests.
39.2.1 The My Certificates Add Screen
Click Configuration > Object > Certificate > My Certificates and then the Add icon to open the My Certificates Add screen. Use this screen to have the
Type: This field displays what kind of certificate this is.
ZyWALL create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request.
The following table describes the labels in this screen.
Table 178 Configuration > Object > Certificate > My Certificates > Add
LABEL: DESCRIPTION
Name: Type a name to identify this certificate.
Create a certification request and save it locally for later manual enrollment: Select this to have the ZyWALL generate and store a request for a certificate. Use the My Certificate Details screen to view the certification request and copy it to send to the certification authority.
If you configured the My Certificate Create screen to have the ZyWALL enroll a certificate and the certificate enrollment is not successful, you see a screen with a Return button that takes you back to the My Certificate Create screen.
39.2.2 The My Certificates Edit Screen
Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name.
The following table describes the labels in this screen.
Table 179 Configuration > Object > Certificate > My Certificates > Edit
LABEL: DESCRIPTION
Name: This field displays the identifying name of this certificate.
Key Algorithm: This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyWALL uses RSA encryption) and the length of the key set in bits (1024 bits for example).
39.2.3 The My Certificates Import Screen
Click Configuration > Object > Certificate > My Certificates > Import to open the My Certificate Import screen. Follow the instructions in this screen to save an existing certificate to the ZyWALL.
39.3 The Trusted Certificates Screen
Click Configuration > Object > Certificate > Trusted Certificates to open the Trusted Certificates screen. This screen displays a summary list of certificates that you have set the ZyWALL to accept as trusted.
39.3.1 The Trusted Certificates Edit Screen
Click Configuration > Object > Certificate > Trusted Certificates and then a certificate’s Edit icon to open the Trusted Certificates Edit screen.
authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
The following table describes the labels in this screen.
Table 182 Configuration > Object > Certificate > Trusted Certificates > Edit
LABEL: DESCRIPTION
Name: This field displays the identifying name of this certificate.
Type: This field displays general information about the certificate. CA-signed means that a Certification Authority signed the certificate. Self-signed means that the certificate’s owner signed the certificate (not a certification authority).
39.3.2 The Trusted Certificates Import Screen
Click Configuration > Object > Certificate > Trusted Certificates > Import to open the Trusted Certificates Import screen. Follow the instructions in this screen to save a trusted certificate to the ZyWALL.
The following table describes the labels in this screen.
39.4 Certificates Technical Reference
OCSP
OCSP (Online Certificate Status Protocol) allows an application or device to check whether a certificate is valid.
ZyWALL USG 20/20W User’s Guide 61 1 C HAPTER 40 ISP Accounts 40.1 Overview Use ISP accounts to manage Internet Se rvice Prov ider (ISP) account information for PPPoE/PPTP interfaces. An ISP account is a profile of settings for Internet access using PPP oE or PPTP .
Chapter 40 IS P Accou n ts ZyWALL USG 20/20W User’s Guide 612 The following table descri bes the labels in this screen. See the ISP Accou nt Edit section below for more information as well. 40.2.1 ISP Account Edit The ISP Account Edit screen lets you add i nformation about new accounts and edit inform ation about existing accoun ts.
Chapter 40 IS P Accou n ts ZyWALL USG 20/20W User’s Guide 613 The following table descri bes the labels in this screen. T able 185 Configuration > Object > ISP Account > Edit LABEL DESCRIPTION Profile Name This field is read-only if you ar e editing an existing account.
Chapter 40 IS P Accou n ts ZyWALL USG 20/20W User’s Guide 614 Compression Select On button to turn on stac compression, and select Off to turn off stac compression. Stac compression is a data compression technique capable of compressing data by a factor of about fou r .
ZyWALL USG 20/20W User’s Guide 615 C HAPTER 41 SSL Application 41.1 Overview Y ou use S SL application objects i n SSL VPN. Configure an S SL application object to specify the t ype of application and the address of t he local computer , server , or web site SSL us ers are to be able to access.
Chapter 41 SSL Application ZyWALL USG 20/20W User’s Guide 616 Remote Desktop Connections Use SSL VPN to allow remote users to ma nage LAN computers. Depending on the functions supported by the remote deskto p softw are, they can install or remove software, run progr ams, change settings , an d open, copy , create, and delete f iles.
Chapter 41 SSL Application ZyWALL USG 20/20W User’s Guide 617 2 Click the Add button and select Web Application in the Ty pe field. In the Server Type field, select Web Server . Enter a descripti ve name in the Display Name field. For example, “CompanyIntranet” .
Chapter 41 SSL Application ZyWALL USG 20/20W User’s Guide 618 The following table descri bes the labels in this screen. 41.2.1 Creating/Editing a W eb-based SSL Application Object A web-based application allows remote user s to access an application via standard web browsers.
Chapter 41 SSL Application ZyWALL USG 20/20W User’s Guide 619 The following table descri bes the labels in this screen. T able 187 Configuration > Object > SSL Application > Add/Edit: Web Applica tion LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings This displays for VNC or RDP type web application objects.
Chapter 41 SSL Application ZyWALL USG 20/20W User’s Guide 620 Entry Point This field displays if the Server Type is s et to Web Server or OWA . This field is optional. Y ou onl y need to configure this field if you need to specify the name of the directory or file on the local server as the home page or home directory on the user screen.
ZyWALL USG 20/20W User’s Guide 621 C HAPTER 42 Endpoint Security 42.1 Overview Use Endpoint Security (EPS), also known as endpoi nt control, to make sure users’ computers comply with defined corpor ate policies before they can access the network or an SSL VPN tunnel.
Chapter 42 Endpoint Security ZyWALL USG 20/20W User’s Guide 622 42.1.1 What You Can Do in this Chapter Use the Configuration > Object > Endpoint Security screens (Section 42.2 on page 623) to create and manage endpoint security objects.
Chapter 42 Endpoint Security ZyWALL USG 20/20W User’s Guide 623 42.2 Endpoint Security Screen The Endpoint Security screen displays the endpoint security objects you have configured on the ZyWALL. Click Configuration > Object > Endpoint Security to display the screen.
Chapter 42 Endpoint Security ZyWALL USG 20/20W User’s Guide 624 42.3 Endpoint Security Add/Edit Click Configuration > Object > Endpoint Security and then the Add (or Edit) icon to open the Endpoint Security Edit screen. Use this screen to configure an endpoint security object.
Chapter 42 Endpoint Security ZyWALL USG 20/20W User’s Guide 626 The following table gives an overview of the objects you can configure. Table 189 Configuration > Object > Endpoint Securi.
Chapter 42 Endpoint Security ZyWALL USG 20/20W User’s Guide 627 Checking Item - Anti-Virus Software If you selected Windows as the operating system, you can select whether or not the user’s computer is required to have anti-virus software installed.
Chapter 42 Endpoint Security ZyWALL USG 20/20W User’s Guide 628 Checking Item - File Information If you selected Windows or Linux as the operating system, you can use this table to check details of specific files on the user’s computer.
ZyWALL USG 20/20W User’s Guide 629 CHAPTER 43 System 43.1 Overview Use the system screens to configure general ZyWALL settings. 43.1.1 What You Can Do in this Chapter • Use the System > Host Name screen (see Section 43.2 on page 630) to configure a unique name for the ZyWALL in your network.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 630 • Your ZyWALL can act as an SNMP agent, which allows a manager station to manage and monitor the ZyWALL through the network. Use the System > SNMP screen (see Section 43.11 on page 670) to configure SNMP settings, including from which zones SNMP can be used to access the ZyWALL.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 631 43.3 USB Storage The ZyWALL can use a connected USB device to store the system log and other diagnostic information. Use this screen to turn on this feature and set a disk full warning limit.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 632 a software mechanism to set the time manually or get the current time and date from an external server. To change your ZyWALL’s time based on your local time zone and date, click Configuration > System > Date/Time.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 633 New Time (hh-mm-ss) This field displays the last updated time from the time server or the last time configured manually. When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 634 43.4.1 Pre-defined NTP Time Servers List When you turn on the ZyWALL for the first time, the date and time start at 2003-01-01 00:00:00. The ZyWALL then attempts to synchronize with one of the following pre-defined list of Network Time Protocol (NTP) time servers.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 635 43.4.2 Time Server Synchronization Click the Synchronize Now button to get the time and date from the time server you specified in the Time Server Address field. When the Please Wait... screen appears, you may have to wait up to one minute.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 636 5 Under Time and Date Setup, enter a Time Server Address (Table 193 on page 634). 6 Click Apply. 43.5 Console Port Speed This section shows you how to set the console port speed when you connect to the ZyWALL via the console port using a terminal emulation program.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 637 43.6.1 DNS Server Address Assignment The ZyWALL can get the DNS server addresses in the following ways. • The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 638 The following table describes the labels in this screen. Table 195 Configuration > System > DNS LABEL DESCRIPTION Address/PTR Record This record specifies the mapping of a Fully-Qualified Domain Name (FQDN) to an IP address.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 639 DNS Server This is the IP address of a DNS server. This field displays N/A if you have the ZyWALL get a DNS server IP address from the ISP dynamically but the specified interface is not active.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 640 43.6.3 Address Record An address record contains the mapping of a Fully-Qualified Domain Name (FQDN) to an IP address.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 641 The following table describes the labels in this screen. 43.6.6 Domain Zone Forwarder A domain zone forwarder contains a DNS server’s IP address. The ZyWALL can query the DNS server to resolve domain zones for features like VPN, DDNS and the time server.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 642 The following table describes the labels in this screen. 43.6.8 MX Record A MX (Mail eXchange) record indicates which host is responsible for the mail for a particular domain, that is, controls where mail is sent for that domain.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 643 43.6.9 Adding a MX Record Click the Add icon in the MX Record table to add a MX record. Figure 375 Configuration > System > DNS > MX Record Add The following table describes the labels in this screen.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 644 The following table describes the labels in this screen. 43.7 WWW Overview The following figure shows secure and insecure management of the ZyWALL coming in from the WAN. HTTPS and SSH access are secure.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 645 1 You have disabled that service in the corresponding screen. 2 The allowed IP address (address object) in the Service Control table does not match the client IP address (the ZyWALL disallows the session).
Chapter 43 System ZyWALL USG 20/20W User’s Guide 646 Please refer to the following figure. 1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the ZyWALL’s web server. 2 HTTP connection requests from a web browser go to port 80 (by default) on the ZyWALL’s web server.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 647 Note: Admin Service Control deals with management access (to the Web Configurator). User Service Control deals with user access to the ZyWALL (logging into SSL VPN for example).
Chapter 43 System ZyWALL USG 20/20W User’s Guide 648 Server Port The HTTPS server listens on port 443 by default. If you change the HTTPS server port to a different number on the ZyWALL, for example 8443, then you must notify people who need to access the ZyWALL Web Configurator to use “https://ZyWALL IP Address:8443” as the URL.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 649 HTTP Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the ZyWALL Web Configurator using HTTP connections.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 650 43.7.5 Service Control Rules Click Add or Edit in the Service Control table in a WWW, SSH, Telnet, FTP or SNMP screen to add a service control rule. Figure 379 Configuration > System > Service Control Rule > Edit The following table describes the labels in this screen.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 651 also customize the page that displays after an access user logs into the Web Configurator to access network services like the Internet. See Chapter 33 on page 539 for more on access user accounts.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 652 The following figures identify the parts you can customize in the login and access pages. Figure 381 Login Page Customization Figure 382 Acces.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 653 • Click Color to display a screen of web-safe colors from which to choose. • Enter the name of the desired color. • Enter a pound sign (#) followed by the six-digit hexadecimal number that represents the desired color.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 654 43.7.7 HTTPS Example If you haven’t changed the default HTTPS port on the ZyWALL, then in your browser enter “https://ZyWALL IP Address/” as the web site address where “ZyWALL IP Address” is the IP address or domain name of the ZyWALL you wish to access.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 655 43.7.7.2 Netscape Navigator Warning Messages When you attempt to access the ZyWALL HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 656 • The issuing certificate authority of the ZyWALL’s HTTPS server certificate is not one of the browser’s trusted certificate authorities.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 657 Apply for a certificate from a Certification Authority (CA) that is trusted by the ZyWALL (see the ZyWALL’s Trusted CA Web Configurator screen).
Chapter 43 System ZyWALL USG 20/20W User’s Guide 658 43.7.7.5.2 Installing Your Personal Certificate(s) You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 659 3 Enter the password given to you by the CA. Figure 391 Personal Certificate Import Wizard 3 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 660 5 Click Finish to complete the wizard and begin the import process. Figure 393 Personal Certificate Import Wizard 5 6 You should see the following screen when the certificate is correctly installed on your computer.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 661 2 When Authenticate Client Certificates is selected on the ZyWALL, the following screen asks you to select a personal certificate to send to the ZyWALL. This screen displays even if you only have a single certificate as in the example.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 662 SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 663 2 Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 664 Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections. Figure 400 Configuration > System > SSH The following table describes the labels in this screen.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 665 43.8.5 Secure Telnet Using SSH Examples This section shows two examples using a command interface and a graphical interface SSH client program to remotely access the ZyWALL. The configuration and connection steps are similar for most SSH client programs.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 666 Enter the password to log in to the ZyWALL. The CLI screen displays next. 43.8.5.2 Example 2: Linux This section describes how to access the ZyWALL using the OpenSSH client program that comes with most Linux distributions.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 667 43.9.1 Configuring Telnet Click Configuration > System > TELNET to configure your ZyWALL for remote Telnet access. Use this screen to specify from which zones Telnet can be used to manage the ZyWALL.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 668 43.10 FTP You can upload and download the ZyWALL’s firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. Please see Chapter 45 on page 693 for more information about firmware and configuration files.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 669 be used to access the ZyWALL. You can also specify from which IP addresses the access can come. Figure 405 Configuration > System > FTP The following table describes the labels in this screen.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 670 43.11 SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your ZyWALL supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyWALL through the network.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 671 and version two (SNMPv2c). The next figure illustrates an SNMP management operation. Figure 406 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 672 • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
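The table retrieval described above (one Get followed by a series of GetNext operations), as an added example that is not from the ZyXEL manual: a toy agent that answers GetNext in numeric OID order and a manager loop that stops when the reply leaves the requested column. The agent class, the sample variables and the interface names are constructed for illustration.

```python
from bisect import bisect_right


def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1); tuples compare sub-identifier by sub-identifier."""
    return tuple(int(part) for part in text.split("."))


def format_oid(oid):
    return ".".join(str(part) for part in oid)


class ToyAgent:
    """In-memory stand-in for an SNMP agent (hypothetical, no network I/O)."""

    def __init__(self, variables):
        self._vars = {parse_oid(k): v for k, v in variables.items()}
        # Numeric ordering matters: index 10 must follow index 2, which a
        # plain string sort of the dotted names would get wrong.
        self._order = sorted(self._vars)

    def get(self, oid):
        """Get: value of exactly this instance, or None if it does not exist."""
        return self._vars.get(parse_oid(oid))

    def get_next(self, oid):
        """GetNext: the first variable that sorts after `oid`, or None at the end."""
        pos = bisect_right(self._order, parse_oid(oid))
        if pos == len(self._order):
            return None
        nxt = self._order[pos]
        return format_oid(nxt), self._vars[nxt]


def retrieve_column(agent, column, first_index):
    """Manager side: Get the first instance, then GetNext until the column ends."""
    prefix = parse_oid(column)
    oid = f"{column}.{first_index}"
    value = agent.get(oid)
    if value is None:
        return []
    rows = [(oid, value)]
    while True:
        reply = agent.get_next(oid)
        # Stop at the end of the agent's variables or when the reply belongs
        # to a different column (its OID no longer starts with the prefix).
        if reply is None or parse_oid(reply[0])[:len(prefix)] != prefix:
            return rows
        rows.append(reply)
        oid = reply[0]


# Constructed sample variables: sysName, then ifDescr and ifType columns.
SAMPLE_VARIABLES = {
    "1.3.6.1.2.1.1.5.0": "gw-example",
    "1.3.6.1.2.1.2.2.1.2.1": "wan1",
    "1.3.6.1.2.1.2.2.1.2.2": "lan1",
    "1.3.6.1.2.1.2.2.1.2.10": "dmz",
    "1.3.6.1.2.1.2.2.1.3.1": 6,
    "1.3.6.1.2.1.2.2.1.3.2": 6,
    "1.3.6.1.2.1.2.2.1.3.10": 6,
}
AGENT = ToyAgent(SAMPLE_VARIABLES)

if __name__ == "__main__":
    for oid, value in retrieve_column(AGENT, "1.3.6.1.2.1.2.2.1.2", 1):
        print(oid, "=", value)
```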
Chapter 43 System ZyWALL USG 20/20W User’s Guide 673 settings, including from which zones SNMP can be used to access the ZyWALL. You can also specify from which IP addresses the access can come. Figure 407 Configuration > System > SNMP The following table describes the labels in this screen.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 674 43.12 Vantage CNM Vantage CNM (Centralized Network Management) is a browser-based global management solution that allows an administrator from any location to easily configure, manage, monitor and troubleshoot ZyXEL devices located worldwide.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 675 43.12.1 Configuring Vantage CNM Vantage CNM is disabled on the device by default. Click Configuration > System > Vantage CNM to configure your device’s Vantage CNM settings.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 676 Transfer Protocol Select whether the Vantage CNM sessions should use regular HTTP connections or secure HTTPS connections. Note: HTTPS is recommended. The Vantage CNM server must use the same setting.
Chapter 43 System ZyWALL USG 20/20W User’s Guide 677 43.13 Language Screen Click Configuration > System > Language to open the following screen.
ZyWALL USG 20/20W User’s Guide 679 CHAPTER 44 Log and Report 44.1 Overview Use these screens to configure daily reporting and log settings. 44.1.1 What You Can Do In this Chapter • Use the Email Daily Report screen (Section 44.2 on page 679) to configure where and how to send daily reports and what reports to send.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 680 Click Configuration > Log & Report > Email Daily Report to display the following screen.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 681 The following table describes the labels in this screen. 44.3 Log Setting Screens The Log Setting screens control log messages and alerts.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 682 The Log Setting tab also controls what information is saved in each log. For the system log, you can also specify which log messages are e-mailed, where they are e-mailed, and how often they are e-mailed.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 683 44.3.2 Edit System Log Settings The Log Settings Edit screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen (see Section 44.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 684 Figure 412 Configuration > Log & Report > Log Setting > Edit (System Log).
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 685 The following table describes the labels in this screen. Table 212 Configuration > Log & Report > Log Setting > Edit (System Log) LABEL DESCRIPTION E-Mail Server 1/2 Active Select this to send log messages and alerts according to the information in this section.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 686 E-mail Server 1 Use the E-Mail Server 1 drop-down list to change the settings for e-mailing logs to e-mail server 1 for all log categories. Using the System Log drop-down list to disable all logs overrides your e-mail server 1 settings.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 687 Active Select this to activate log consolidation. Log consolidation aggregates multiple log messages that arrive within the specified Log Consolidation Interval.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 688 44.3.3 Edit Remote Server Log Settings The Log Settings Edit screen controls the detailed settings for each log in the remote server (syslog). Go to the Log Settings Summary screen (see Section 44.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 689 The following table describes the labels in this screen. Table 213 Configuration > Log & Report > Log Setting > Edit (Remo.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 690 44.3.4 Active Log Summary Screen The Active Log Summary screen allows you to view and to edit what information is included in the system log, e-mail profiles, and remote servers at the same time.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 691 The following table describes the fields in this screen. Table 214 Configuration > Log & Report > Log Setting > Active Log Summary LABEL DESCRIPTION System log Use the System Log drop-down list to change the log settings for all of the log categories.
Chapter 44 Log and Report ZyWALL USG 20/20W User’s Guide 692 System log Select which events you want to log by Log Category. There are three choices: disable all logs (red X) - do not log any in.
ZyWALL USG 20/20W User’s Guide 693 CHAPTER 45 File Manager 45.1 Overview Configuration files define the ZyWALL’s settings. Shell scripts are files of commands that you can store on the ZyWALL and run when you need them. You can apply a configuration file or run a shell script without the ZyWALL restarting.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 694 These files have the same syntax, which is also identical to the way you run CLI commands manually. An example is shown below. While configuration files and shell scripts have the same syntax, the ZyWALL applies configuration files differently than it runs shell scripts.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 695 Your configuration files or shell scripts can use “exit” or a command line consisting of a single “!” to have the ZyWALL exit sub command mode. Note: “exit” or “!'” must follow sub commands if it is to make the ZyWALL exit sub command mode.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 696 45.2 The Configuration File Screen Click Maintenance > File Manager > Configuration File to open the Configuration File screen. Use the Configuration File screen to store, run, and name configuration files.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 697 The following table describes the labels in this screen. Table 216 Maintenance > File Manager > Configuration File LABEL DESCRIPTION Rename Use this button to change the label of a configuration file on the ZyWALL.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 698 Copy Use this button to save a duplicate of a configuration file on the ZyWALL. Click a configuration file’s row to select it and click Copy to open the Copy File screen.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 699 Apply Use this button to have the ZyWALL use a specific configuration file. Click a configuration file’s row to select it and click Apply to have the ZyWALL use that configuration file.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 700 45.3 The Firmware Package Screen Click Maintenance > File Manager > Firmware Package to open the Firmware Package screen. Use the Firmware Package screen to check your current firmware version and upload firmware to the ZyWALL.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 701 Note: The Web Configurator is the recommended method for uploading firmware. You only need to use the command line interface if you need to recover the firmware. See the CLI Reference Guide for how to determine if you need to recover the firmware and how to recover it.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 702 Note: The ZyWALL automatically reboots after a successful upload. The ZyWALL automatically restarts causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 703 Each field is described in the following table. Table 218 Maintenance > File Manager > Shell Script LABEL DESCRIPTION Rename Use this button to change the label of a shell script file on the ZyWALL.
Chapter 45 File Manager ZyWALL USG 20/20W User’s Guide 704 Apply Use this button to have the ZyWALL use a specific shell script file. Click a shell script file’s row to select it and click Apply to have the ZyWALL use that shell script file.
ZyWALL USG 20/20W User’s Guide 705 CHAPTER 46 Diagnostics 46.1 Overview Use the diagnostics screens for troubleshooting. 46.1.1 What You Can Do in this Chapter • Use the Maintenance > Diagnostics screen (see Section 46.
Chapter 46 Diagnostics ZyWALL USG 20/20W User’s Guide 706 Click Maintenance > Diagnostics to open the Diagnostic screen. Figure 427 Maintenance > Diagnostics The following table describes the labels in this screen. 46.2.1 The Diagnostics Files Screen Click Maintenance > Diagnostics > Files to open the diagnostic files screen.
Chapter 46 Diagnostics ZyWALL USG 20/20W User’s Guide 707 The following table describes the labels in this screen. 46.3 The Packet Capture Screen Use this screen to capture network traffic going through the ZyWALL’s interfaces. Studying these packet captures may help you identify network problems.
Chapter 46 Diagnostics ZyWALL USG 20/20W User’s Guide 708 Note: New capture files overwrite existing files of the same name. Change the File Suffix field’s setting to avoid this. Figure 429 Maintenance > Diagnostics > Packet Capture The following table describes the labels in this screen.
Chapter 46 Diagnostics ZyWALL USG 20/20W User’s Guide 709 Continuously capture and overwrite old ones Select this to have the ZyWALL keep capturing traffic and overwriting old packet capture entries when the available storage space runs out.
Chapter 46 Diagnostics ZyWALL USG 20/20W User’s Guide 710 46.3.1 The Packet Capture Files Screen Click Maintenance > Diagnostics > Packet Capture > Files to open the packet capture files screen. This screen lists the files of packet captures stored on the ZyWALL or a connected USB storage device.
Chapter 46 Diagnostics ZyWALL USG 20/20W User’s Guide 711 The following table describes the labels in this screen. 46.3.2 Example of Viewing a Packet Capture File Here is an example of a packet capture file viewed in the Wireshark packet analyzer.
Chapter 46 Diagnostics ZyWALL USG 20/20W User’s Guide 712 Figure 431 Packet Capture File Example 46.4 Core Dump Screen Use the Core Dump screen to have the ZyWALL save a process’s core dump to an attached USB storage device if the process terminates abnormally (crashes).
Chapter 46 Diagnostics ZyWALL USG 20/20W User’s Guide 713 The following table describes the labels in this screen. 46.4.1 Core Dump Files Screen Click Maintenance > Diagnostics > Core Dump > Files to open the core dump files screen. This screen lists the core dump files stored on the ZyWALL or a connected USB storage device.
Chapter 46 Diagnostics ZyWALL USG 20/20W User’s Guide 714 46.5 The System Log Screen Click Maintenance > Diagnostics > System Log to open the system log files screen. This screen lists the files of system logs stored on a connected USB storage device.
ZyWALL USG 20/20W User’s Guide 715 CHAPTER 47 Packet Flow Explore 47.1 Overview Use this to get a clear picture on how the ZyWALL determines where to forward a packet and how to change the source IP address of the packet according to your current settings.
Chapter 47 Packet Flow Explore ZyWALL USG 20/20W User’s Guide 716 Note: Once a packet matches the criteria of a routing rule, the ZyWALL takes the corresponding action and does not perform any further flow checking.
Chapter 47 Packet Flow Explore ZyWALL USG 20/20W User’s Guide 717 Figure 439 Maintenance > Packet Flow Explore > Routing Status (Dynamic VPN) Figure 440 Maintenance > Packet Flow Explore.
Chapter 47 Packet Flow Explore ZyWALL USG 20/20W User’s Guide 718 The following table describes the labels in this screen. Table 226 Maintenance > Packet Flow Explore > Routing Status LABEL DESCRIPTION Routing Flow This section shows you the flow of how the ZyWALL determines where to route a packet.
Chapter 47 Packet Flow Explore ZyWALL USG 20/20W User’s Guide 719 47.3 The SNAT Status Screen The SNAT Status screen allows you to view and quickly link to specific source NAT (SNAT) settings. Click a function box in the SNAT Flow section, the related SNAT rules (activated) will display in the SNAT Table section.
Chapter 47 Packet Flow Explore ZyWALL USG 20/20W User’s Guide 720 • use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules activate command. Note: Once a packet matches the criteria of an SNAT rule, the ZyWALL takes the corresponding action and does not perform any further flow checking.
Chapter 47 Packet Flow Explore ZyWALL USG 20/20W User’s Guide 721 The following table describes the labels in this screen. Table 227 Maintenance > Packet Flow Explore > SNAT Status LABEL .
ZyWALL USG 20/20W User’s Guide 723 CHAPTER 48 Reboot 48.1 Overview Use this to restart the device (for example, if the device begins behaving erratically). See also Section 1.5 on page 34 for information on different ways to start and stop the ZyWALL.
ZyWALL USG 20/20W User’s Guide 725 CHAPTER 49 Shutdown 49.1 Overview Use this to shut down the device in preparation for disconnecting the power. See also Section 1.5 on page 34 for information on different ways to start and stop the ZyWALL.
ZyWALL USG 20/20W User’s Guide 727 CHAPTER 50 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. • You can also refer to the logs (see Chapter 9 on page 207). For individual log descriptions, see the User’s Guide appendix Appendix A on page 747.
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 728 • If you’ve forgotten the ZyWALL’s IP address, you can use the commands through the console port to check it. Connect your computer to the CONSOLE port using a console cable.
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 729 The ZyWALL checks the firewall rules in the order that they are listed. So make sure that your custom firewall rule comes before any other rules that the traffic would also match. I cannot enter the interface name I want.
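The rule-ordering advice above (firewall rules are checked in the order listed), as an added example that is not from the ZyXEL manual: a first-match evaluator and a check that reports any rule fully covered by an earlier rule, which is the case where a custom rule never takes effect. The same first-match behaviour is noted for routing and SNAT rules in Chapter 47. The Rule model, its field names and the sample addresses are constructed for illustration and are not ZyWALL configuration syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Rule:
    """One row of an ordered rule table (hypothetical model)."""
    name: str
    src: str              # source network in CIDR form; 0.0.0.0/0 means any
    dst: str              # destination network in CIDR form
    port: Optional[int]   # destination port; None means any
    action: str           # "allow" or "deny"

    def matches(self, src_ip: str, dst_ip: str, port: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other: "Rule") -> bool:
        """True if every packet that `other` matches is matched by this rule too."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.port is None or self.port == other.port))


def first_match(rules: Sequence[Rule], src_ip: str, dst_ip: str,
                port: int) -> Optional[Rule]:
    """Return the rule that decides the packet: the first one that matches."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule
    return None


def shadowed(rules: Sequence[Rule]) -> List[Tuple[str, str]]:
    """List (later_rule, earlier_rule) pairs where the later rule can never fire.

    Only single-rule shadowing is detected; a rule hidden by the combination
    of several earlier rules is not reported by this simple check.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                findings.append((later.name, earlier.name))
                break
    return findings


# Constructed rule table: the custom telnet block sits below a broader allow.
RULES = [
    Rule("LAN-to-any", "192.168.1.0/24", "0.0.0.0/0", None, "allow"),
    Rule("block-telnet-out", "192.168.1.0/24", "0.0.0.0/0", 23, "deny"),
    Rule("default-deny", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]
# Corrected order: the specific rule comes before the broad one.
REORDERED = [RULES[1], RULES[0], RULES[2]]

if __name__ == "__main__":
    for label, table in (("as listed", RULES), ("reordered", REORDERED)):
        hit = first_match(table, "192.168.1.10", "203.0.113.5", 23)
        print(label, "->", hit.name, hit.action, "| shadowed:", shadowed(table))
```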
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 730 The actual cellular data rate you obtain varies depending on the cellular device you use, the signal strength to the service provider’s base station, and so on. I created a cellular interface but cannot connect through it.
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 731 At the time of writing, the ZyWALL does not support ingress bandwidth management. I uploaded a custom signature file and now all of my earlier custom signatures are gone. The name of the complete custom signature file on the ZyWALL is ‘custom.
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 732 • Make sure you recorded your DDNS account’s user name, password, and domain name and have entered them properly in the ZyWALL.
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 733 Here are some general suggestions. See also Chapter 23 on page 391. • The system log can often help to identify a configuration problem. • If you enable NAT traversal, the remote IPSec device must also have NAT traversal enabled.
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 734 • If you set up a VPN tunnel across the Internet, make sure your ISP supports AH or ESP (whichever you are using).
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 735 The ZyWALL automatically updates address objects based on an interface’s IP address, subnet, or gateway if the interface’s IP address settings change. However, you need to manually edit any address objects for your LAN that are not based on the interface.
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 736 I cannot get a certificate to import into the ZyWALL. 1 For My Certificates, you can import a certificate that matches a corresponding certification request that was generated by the ZyWALL.
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 737 I uploaded a logo to use as the screen or window background but it does not display properly. Make sure the logo file is a GIF, JPG, or PNG of 100 kilobytes or less. The ZyWALL’s traffic throughput rate decreased after I started collecting traffic statistics.
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 738 See the CLI Reference Guide for how to determine if you need to recover the firmware and how to recover it.
Chapter 50 Troubleshooting ZyWALL USG 20/20W User’s Guide 739 2 Press the RESET button and hold it until the SYS LED begins to blink. (This usually takes about five seconds.) 3 Release the RESET button, and wait for the ZyWALL to restart. You should be able to access the ZyWALL using the default settings.
ZyWALL USG 20/20W User’s Guide 741 CHAPTER 51 Product Specifications The following specifications are subject to change without notice. See Chapter 2 on page 37 for a general overview of key features. This table provides basic device specifications.
Chapter 51 Product Specifications ZyWALL USG 20/20W User’s Guide 742 This table gives details about the ZyWALL’s features. Table 230 ZyWALL Feature Specifications FEATURE # of MAC 5 (USG 20).
Chapter 51 Product Specifications ZyWALL USG 20/20W User’s Guide 743 Service Groups 50 Maximum service object in one group 64 Schedule Objects 16 ISP Account 4 Maximum Number of LDAP Groups 2 Maximu.
Chapter 51 Product Specifications ZyWALL USG 20/20W User’s Guide 744 The following table, which is not exhaustive, lists standards referenced by ZyWALL features.
Chapter 51 Product Specifications ZyWALL USG 20/20W User’s Guide 745 51.1 Power Adaptor Specifications Built-in service, DNS server RFCs 1034, 1035, 1123, 1183, 1535, 1536, 1706, 1712, 1750, 1876.
Chapter 51 Product Specifications ZyWALL USG 20/20W User’s Guide 746 Table 233 European Plug Standards AC POWER ADAPTOR MODEL PSA18R-120P (ZE)-R INPUT POWER 100-240VAC, 50/60HZ, 0.
ZyWALL USG 20/20W User’s Guide 747 A PPENDIX A Log Descriptions This appendix provides descript ions of example log message s for the ZLD-based Z yW ALLs. The logs do not all apply to all of the ZLD-based Z yW ALLs. Y ou will not necessecarily see al l of these logs in your device.
Appendix A Log Desc rip tio ns ZyWALL USG 20/20W User’s Guide 748 T able 240 Blocked Web Site Logs LOG MESSAGE DESCRIPTION %s :%s The rating server responded that the web site is in a specified category and access was blocked according to a content filter profile.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 749 %s: Proxy mode is detected The system detected a proxy connection and blocked access according to a profile. %s: website host %s: Forbidden Web site The web site is in forbidden web site list.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 750 Black List checking has been activated. The anti-spam black list has been turned on. Black List checking has been deactivated. The anti-spam black list has been turned off. Black List rule %d has been added.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 751 Table 242 SSL VPN Logs LOG MESSAGE DESCRIPTION %s %s from %s has logged in SSLVPN A user has logged into SSL VPN. The first %s is the type of user account. The second %s is the user’s user name.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 752 The %s address-object is wrong type for 'network' in SSL Policy %s. The listed address object (first %s) is not the right kind to be specified as a network in the listed SSL VPN policy (second %s).
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 753 %s %s from %s has been logged out SSLVPN (re-auth timeout) The specified user was signed out by the device due to a re-authentication timeout. The first %s is the type of user account.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 754 The ZySH logs deal with internal system errors. Table 243 ZySH Logs LOG MESSAGE DESCRIPTION Invalid message queue.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 755 Can't remove %s 1st:zysh list name Table OPS %s: cannot retrieve entries from table! 1st:zysh table name %s: index is out of range.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 756 Table 244 ADP Logs LOG MESSAGE DESCRIPTION from <zone> to <zone> [type=<type>] <message> , Action: <action>, Severity: <severity> The ZyWALL detected an anomaly in traffic traveling between the specified zones.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 757 Table 245 User Logs LOG MESSAGE DESCRIPTION %s %s from %s has logged in ZyWALL A user logged into the ZyWALL. 1st %s: The type of user account. 2nd %s: The user’s user name. 3rd %s: The name of the service the user is using (HTTP, HTTPS, FTP, Telnet, SSH, or console).
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 758 Failed login attempt to ZyWALL from %s (login on a lockout address) A login attempt came from an IP address that the ZyWALL has locked out. %u.%u.%u.%u: the source address of the user’s login attempt Failed login attempt to ZyWALL from %s (reach the max.
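The ADP and user log templates in Tables 244 and 245 can be turned into patterns for log triage. The following is an added example, not code from the ZyXEL manual; it assumes the message text has already been separated from any syslog header, and the sample lines, field values and failure threshold are constructed for illustration.

```python
import re
from collections import Counter

# Patterns derived from the message templates in Table 244 (ADP logs) and
# Table 245 (user logs). Assumption: each input string is the log message
# text only, with any timestamp or syslog header already removed.
ADP_RE = re.compile(
    r"^from (?P<src_zone>\S+) to (?P<dst_zone>\S+) \[type=(?P<type>[^\]]+)\] "
    r"(?P<message>.*?)\s*, Action: (?P<action>[^,]+), Severity: (?P<severity>.+)$"
)
LOGIN_RE = re.compile(
    r"^(?P<account_type>\S+) (?P<user>\S+) from (?P<service>\S+) "
    r"has logged in ZyWALL$"
)
# The reason in parentheses is captured generically, so both failed-login
# variants listed in Table 245 are matched without hard-coding their wording.
FAILED_RE = re.compile(
    r"^Failed login attempt to ZyWALL from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\((?P<reason>[^)]*)\)$"
)
LOCKOUT_REASON = "login on a lockout address"


def parse_message(msg):
    """Return a dict describing one log message, or None if no template fits."""
    msg = msg.strip()
    for kind, pattern in (
        ("failed_login", FAILED_RE),
        ("adp", ADP_RE),
        ("login", LOGIN_RE),
    ):
        match = pattern.match(msg)
        if match:
            return {"kind": kind, **match.groupdict()}
    return None


def triage(messages, fail_threshold=3):
    """Group parsed events and flag sources worth a closer look.

    fail_threshold is an assumed tuning value, not a figure from the manual.
    """
    failures = Counter()
    lockout_sources = set()
    logins, anomalies, unparsed = [], [], []
    for msg in messages:
        event = parse_message(msg)
        if event is None:
            unparsed.append(msg)
        elif event["kind"] == "failed_login":
            failures[event["src"]] += 1
            # A source that keeps trying after being locked out is a
            # stronger signal than an isolated failure.
            if event["reason"] == LOCKOUT_REASON:
                lockout_sources.add(event["src"])
        elif event["kind"] == "adp":
            anomalies.append(event)
        else:
            logins.append(event)
    repeat = sorted(s for s, n in failures.items() if n >= fail_threshold)
    return {
        "repeat_failure_sources": repeat,
        "lockout_sources": sorted(lockout_sources),
        "logins": logins,
        "anomalies": anomalies,
        "unparsed": unparsed,
    }


# Constructed sample messages (documentation-range addresses, made-up values).
SAMPLE = [
    "admin alice from HTTPS has logged in ZyWALL",
    "Failed login attempt to ZyWALL from 198.51.100.20 (constructed reason)",
    "Failed login attempt to ZyWALL from 198.51.100.20 (constructed reason)",
    "Failed login attempt to ZyWALL from 198.51.100.20 (constructed reason)",
    "Failed login attempt to ZyWALL from 203.0.113.7 (login on a lockout address)",
    "from WAN to LAN [type=example-type] example anomaly text , "
    "Action: example-action, Severity: example-severity",
    "Device is rebooted by administrator!",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "->", value)
```

Messages that match none of the three templates are returned under `unparsed` rather than dropped, so coverage gaps in the patterns stay visible.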
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 759 Registration has failed. Because of lack must fields. The device received an incomplete response from the myZyXEL.com server and it caused a parsing error for the device. %s:Trial service activation has failed:%s.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 760 Do device register. The device started device registration. Do trial service activation. The device started trial service activation. Do standard service activation. The device started standard service activation.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 761 Build query message failed. Some information was missing in the packets that the device sent to the server. Resolve server IP has failed. The device could not resolve the myZyXEL.com server's FQDN to an IP address through gethostbyname().
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 762 Content-Filter service has expired. The content filtering service period has expired. The device can find this through either a service expiration day check via MyZyXEL.com server or by the device’s own count.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 763 [DPD] No response from peer. Using existing Phase-1 SA in %u seconds. Trying with Phase-1 rekey. The device’s DPD feature has not detected a response from the remote IPSec router. %u is the retry time.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 764 [SA] : Tunnel [%s] Phase 1 key group mismatch %s is the tunnel name. When negotiating Phase-1, the DH group of the attribute list `attrs' did not match the security policy. [SA] : Tunnel [%s] Phase 1 negotiation mode mismatch %s is the tunnel name.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 765 IKE Packet Retransmit When retransmitting the IKE packets. Phase 1 IKE SA process done When Phase 1 negotiation is complete. Recv Main Mode request from [%s] %s is the remote name; When receiving a request to enter Main mode.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 766 XAUTH succeed! My name: %s %s is the my xauth name. This indicates that my name is valid.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 767 Outbound transform operation fail After encryption or hardware accelerated processing, the hardware accelerator dropped a packet (e.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 768 Firewall %s %s rule %d has been moved to %d. 1st %s is from zone, 2nd %s is to zone, 1st %d is the old index of the rule 2nd %d is the new index of the rule Firewall %s %s rule %d has been deleted.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 769 The policy route %d uses empty source address group! Use an empty object group. %d: the policy route rule number The policy route %d uses empty destination address group! Use an empty object group.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 770 Table 252 Built-in Services Logs LOG MESSAGE DESCRIPTION User on %u.%u.%u.%u has been denied access from %s HTTP/HTTPS/TELNET/SSH/FTP/SNMP access to the device was denied. %u.%u.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 771 SNMP port has been changed to port %s. An administrator changed the port number for SNMP. %s is port number assigned by user SNMP port has been changed to default port. An administrator changed the port number for SNMP back to the default (161).
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 772 DNS access control rule %u has been moved to %d. An administrator moved the rule %u to index %d. %u is previous index %d variable is current index The default record of Zone Forwarder have reached the maximum number of 128 DNS servers.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 773 Access control rule %u of %s was modified. An access control rule was modified successfully. %u is the index of the access control rule. %s is HTTP/HTTPS/SSH/SNMP/FTP/TELNET. Access control rule %u of %s was deleted.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 774 DHCP Server executed with cautious mode disabled DHCP Server executed with cautious mode disabled. Received packet is not an ARP response packet A packet was received but it is not an ARP response packet.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 775 Device is rebooted by administrator! An administrator restarted the device. Insufficient memory. Cannot allocate system memory. Connect to dyndns server has failed. Cannot connect to members.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 776 Update the profile %s has failed because the feature requested is only available to donators. Update profile failed because the feature requested is only available to donators, %s is the profile name.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 777 DDNS profile %s has been renamed as %s. Rename DDNS profile, 1st %s is the original profile name, 2nd %s is the new profile name. DDNS profile %s has been deleted. Delete DDNS profile, %s is the profile name, DDNS Initialization has failed.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 778 The connectivity-check is activate for %s interface The link status of interface is still activate after check of connectivity check process.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 779 Can't get MAC address of %s interface! The connectivity check process can't get MAC address of interface. %s: interface name To send ARP REQUEST error! The connectivity check process can't send ARP request packet.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 780 RIP redistribute static routes has been enabled. RIP redistribute static routes has been enabled. RIP on interface %s has been deactivated. RIP on interface %s has been deactivated. %s: Interface Name RIP direction on interface %s has been changed to BiDir.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 781 Invalid OSPF %s authentication of area %s. OSPF md5 or text authentication has been set without setting md5 authentication id and key, or text authentication key first. Invalid OSPF virtual-link %d md5 authentication of area %s.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 782 %s SIP ALG has succeeded. The SIP ALG has been turned on or off. %s: Enable or Disable Extra signal port of SIP ALG has been modified. Extra SIP ALG port has been changed. Signal port of SIP ALG has been modified.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 783 Prepare to import "%s" into "My Certificate" %s is the name of a certificate request. Prepare to import "%s" into Trusted Certificate" %s is the name of a certificate request.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 784 Export X509 certificate "%s" from "My Certificate" failed The device was not able to export a x509 format certificate from My Certificates. %s is the certificate request name.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 785 15 CRL is too old. 16 CRL is not valid. 17 CRL signature was not verified correctly. 18 CRL was not found (anywhere). 19 CRL was not added to the cache. 20 CRL decoding failed. 21 CRL is not currently valid, but in the future.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 786 (%s MTU - 8) < %s MTU, %s may not work correctly. An administrator configured ethernet, vlan or bridge and this interface is base interface of PPP interface.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 787 Interface %s is disconnected. A PPP interface disconnected successfully. %s: interface name. Interface %s connect failed: Peer not responding. The interface’s connection will be terminated because the server did not send any LCP packets.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 788 "SIM card of interface cellular%d in %s is damaged or not inserted. Please remove the device, then check the SIM card. The SIM card for the cellular device associated with the listed cellular interface (%d) cannot be detected.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 789 Interface cellular%d required authentication password.Please set password in cellular%d edit page. You need to manually enter the password for the listed cellular interface (%d). "Cellular%d (IMSI=%s or ESN=%s) over time budget!(budget = %d seconds).
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 790 Duplicated interface name. A duplicate name was not permitted for an interface. This Interface can not be renamed. An interface’s name cannot be changed. Virtual interface is not supported on this type of interface.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 791 name=%s,status=%s,TxPkts=%u, RxPkts=%u,Colli.=%u,TxB/s=%u, RxB/s=%u,UpTime=%s This log is sent to the VRPT server to show the specified PPP/Cellular interface’s statistics and uptime.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 792 Station association has failed. Maximum associations have reached the maximum number.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 793 Table 261 Port Grouping Logs LOG MESSAGE DESCRIPTION Interface %s links up because of changing Port Group.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 794 ERROR:#%s, %s Run script failed, this log will be what wrong CLI command is and what error message is. 1st %s is CLI command. 2nd %s is error message when apply CLI command. WARNING:#%s, %s Run script failed, this log will be what wrong CLI command is and what warning message is.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 795 Table 265 E-mail Daily Report Logs LOG MESSAGE DESCRIPTION Email Daily Report has been activated.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 796 Table 267 Auth. Policy Logs LOG MESSAGE DESCRIPTION Auth. Policy featuer is disabled. The auth. policy feature is not enabled. Auth. policy %d is disabled. The specified auth. policy rule is not activated.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 797 Windows version check fail in %s A user’s computer did not match the Windows version check in the specified EPS object. EPS checking result is pass. A user’s computer passed the EPS check.
Appendix A Log Descriptions ZyWALL USG 20/20W User’s Guide 798.
ZyWALL USG 20/20W User’s Guide 799 APPENDIX B Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site.
Appendix B Common Services ZyWALL USG 20/20W User’s Guide 800 ESP (IPSEC_TUNNEL) User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.
Appendix B Common Services ZyWALL USG 20/20W User’s Guide 801 PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. PPTP_TUNNEL (GRE) User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks.
Appendix B Common Services ZyWALL USG 20/20W User’s Guide 802 TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
ZyWALL USG 20/20W User’s Guide 803 APPENDIX C Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C).
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 804 with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 805 An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 806 wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 807 Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 808 (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 809 accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: • User based identification that allows for roaming.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 810 The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 811 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 812 Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 813 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP. TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 814 authentication. These two features are optional and may not be supported in all wireless devices. Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 815 4 The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 816 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 817 Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air.
Appendix C Wireless LANs ZyWALL USG 20/20W User’s Guide 818 • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment.
ZyWALL USG 20/20W User’s Guide 819 APPENDIX D Importing Certificates This appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 820 1 If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Figure 455 Internet Explorer 7: Certification Error 2 Click Continue to this website (not recommended).
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 821 4 In the Certificate dialog box, click Install Certificate. Figure 458 Internet Explorer 7: Certificate 5 In the Certificate Import Wizard, click Next.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 822 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 823 8 In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK. Figure 462 Internet Explorer 7: Select Certificate Store 9 In the Completing the Certificate Import Wizard screen, click Finish.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 824 10 If you are presented with another Security Warning, click Yes. Figure 464 Internet Explorer 7: Security Warning 11 Finally, click OK when presented with the successful certificate installation message.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 825 Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 826 1 Open Internet Explorer and click Tools > Internet Options. Figure 469 Internet Explorer 7: Tools Menu 2 In the Internet Options dialog box, click Content > Certificates.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 827 3 In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove. Figure 471 Internet Explorer 7: Certificates 4 In the Certificates confirmation, click Yes.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 828 6 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. Firefox The following example uses Mozilla Firefox 2 on Windows XP Professional; however, the screens can also apply to Firefox 2 on all platforms.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 829 3 The certificate is stored and you can now connect securely to the Web Configurator. A sealed padlock appears in the address bar, which you can click to open the Page Info > Security window to view the web page’s security information.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 830 1 Open Firefox and click Tools > Options. Figure 476 Firefox 2: Tools Menu 2 In the Options dialog box, click Advanced > Encryption > View Certificates.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 831 3 In the Certificate Manager dialog box, click Web Sites > Import. Figure 478 Firefox 2: Certificate Manager 4 Use the Select File dialog box to locate the certificate and then click Open.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 832 Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2. 1 Open Firefox and click Tools > Options. Figure 480 Firefox 2: Tools Menu 2 In the Options dialog box, click Advanced > Encryption > View Certificates.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 833 3 In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete. Figure 482 Firefox 2: Certificate Manager 4 In the Delete Web Site Certificates dialog box, click OK.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 834 1 If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Click Install to accept the certificate.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 835 Installing a Stand-Alone Certificate File in Opera Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 836 2 In Preferences, click Advanced > Security > Manage certificates. Figure 487 Opera 9: Preferences.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 837 3 In the Certificates Manager, click Authorities > Import. Figure 488 Opera 9: Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click Open.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 838 5 In the Install authority certificate dialog box, click Install. Figure 490 Opera 9: Install authority certificate 6 Next, click OK.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 839 1 Open Opera and click Tools > Preferences. Figure 492 Opera 9: Tools Menu 2 In Preferences, Advanced > Security > Manage certificates.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 840 3 In the Certificates manager, select the Authorities tab, select the certificate that you want to remove, and then click Delete.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 841 2 Click Continue. Figure 495 Konqueror 3.5: Server Authentication 3 Click Forever when prompted to accept the certificate.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 842 Installing a Stand-Alone Certificate File in Konqueror Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 843 3 The next time you visit the web site, click the padlock in the address bar to open the KDE SSL Information window to view the web page’s security details. Removing a Certificate in Konqueror This section shows you how to remove a public key certificate in Konqueror 3.
Appendix D Importing Certificates ZyWALL USG 20/20W User’s Guide 844 4 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
ZyWALL USG 20/20W User’s Guide 845 APPENDIX E Open Software Announcements End-User License Agreement for “ZyWALL USG 20” WARNING: ZyXEL Communications Corp. IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 846 therein shall remain at all times with ZyXEL. Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 847 You acknowledge that the Software contains proprietary trade secrets of ZyXEL and you hereby agree to maintain the con.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 848 THIS LICENSE AGREEMENT IS EXPRESSLY MADE SUBJECT TO ANY APPLICABLE LAWS, REGULATIONS, ORDERS, OR OTHER RESTRICTIONS ON THE EXPORT OF THE SOFTWARE OR INFORMATION ABOUT SUCH SOFTWARE WHICH MAY BE IMPOSED FROM TIME TO TIME.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 849 NOTE: Some components of this product incorporate source code covered under the open source code licenses.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 850 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 851 /* ==================================================================== * Copyright (c) 1998-2008 The OpenSSL Project.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 852 * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 853 * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com).
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 854 * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 855 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 856 This is the BSD license without the obnoxious advertising clause. It's also known as the "modified BSD license.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 857 OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. This Product includes httpd software developed by the Apache Software Foundation under Apache License.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 858 work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 859 (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You mus.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 860 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or .
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 861 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 862 Public License is the better strategy to use in any particular case, based on the explanations below. When we speak of free software, we are referring to freedom of use, not price.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 863 derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 864 software library or work which has been distributed under these terms. A "work based on the Library" means eithe.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 865 part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 866 significant if the work can be linked without the Library, or if the work is itself a library.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 867 include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
Appendix E O pen Software Announcements ZyWALL USG 20/20W User’s Guide 868 License. If you cannot distribute so as to satisf y simultaneously y our obligations under this License and an y other pertinent obligations, then as a consequence you may not distribut e the Library at all.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 869 NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBR ARY , TO THE EXTENT PERMI T TED BY APP LICABLE LAW .
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 870 commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 871 copying, distribution and modification are not covered by this License; they are outside its scope.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 872 Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 873 all its terms and conditions for copying, distributing or modifying the Program or works based on it.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 874 Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 875 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with .
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 876 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY .
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 877 Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distribute verbatim copies of this document is granted.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 878 disclaimer and license as libpng-0.96, with the following individuals added to the list of Contributing Authors: Tom Lane Glenn Randers-Pehrson Willem van Schaik libpng versions 0.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 879 2. Altered versions must be plainly marked as such and must not be misrepresented as being the original source. 3. This Copyright notice may not be removed or altered from any source or altered source distribution.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 880 This Product includes pcmcia-cs software under the MPL License Mozilla Public License Version 1.1 1. Definitions. 1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 881 1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 882 2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: a.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 883 The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 884 (b) Contributor APIs If Contributor's Modifications include an application programming interface and Contributor has .
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 885 alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 886 "MOZILLAPL", "MOZPL", "Netscape", "MPL", "NPL" or any confusingly simila.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 887 payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 888 11. Miscellaneous This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 889 The Original Code is ______________________________ ________. The Initial Developer of the Original Code is ________________________. Portions created by ______________________ are Copyright (C) ______ _______________________.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 890 End-User License Agreement for “ZyWALL USG 20W” WARNING: ZyXEL Communications Corp. IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 891 4. Restrictions You may not publish, display, disclose, sell, rent, lease, modify, store, loan, distribute, or create derivative works of the Software, or any part thereof.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 892 THE SOFTWARE IS PROVIDED "AS IS." TO THE MAXIMUM EXTENT PERMITTED BY LAW, ZyXEL DISCLAIMS ALL WARRANTIES O.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 893 ZyXEL SHALL HAVE THE RIGHT, AT ITS OWN EXPENSE, UPON REASONABLE PRIOR NOTICE, TO PERIODICALLY INSPECT AND AUDIT YOUR RECORDS TO ENSURE YOUR COMPLIANCE WITH THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 894 be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 895 an X11-style license This is a Free Software License This license is compatible with The GNU General Public License, Versi.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 896 * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 897 * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 898 Original SSLeay License ----------------------- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 899 * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 900 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 901 • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 902 TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 903 by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 904 within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 905 rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on .
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 906 This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see <http://www .
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 907 translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 908 For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 909 are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it).
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 910 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 911 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the .
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 912 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 913 other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right cl.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 914 LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 915 or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 916 publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 917 a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms o.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 918 herein. You are not responsible for enforcing compliance by third parties to this License.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 919 Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 920 Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 921 This Product includes openldap software under the OpenLdap License The Public License Version 2.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 922 This copy of the libpng notices is provided for your convenience. In case of any discrepancy between this copy and the notices in the file png.h that is included in the libpng distribution, the latter shall prevail.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 923 libpng-0.88, with the following individuals added to the list of Contributing Authors: John Bowler Kevin Bracey Sam Bushell Magnus Holmgren Greg Roelofs Tom Tanner libpng versions 0.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 924 format in commercial products. If you use this source code in a product, acknowledgment is not required but would be appreciated.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 925 1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. 1.1. "Contributor" means each entity that creates or contributes to the creation of Modifications.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 926 1.9. "Modifications" means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: a.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 927 The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: a.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 928 The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 929 (b) Contributor APIs If Contributor's Modifications include an application programming interface and Contributor has knowledge of patent licenses which are reasonably necessary to implement that API, Contributor must also include this information in the legal file.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 930 alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 931 "MOZILLAPL", "MOZPL", "Netscape", "MPL", "NPL" or any confusingly similar.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 932 payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 933 11. Miscellaneous This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable.
Appendix E Open Software Announcements ZyWALL USG 20/20W User’s Guide 934 The Original Code is ______________________________ ________. The Initial Developer of the Original Code is ________________________. Portions created by ______________________ are Copyright (C) ______ _______________________.
ZyWALL USG 20/20W User’s Guide 935 APPENDIX F Legal Information Copyright Copyright © 2011 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any pa.
Appendix F Legal Information ZyWALL USG 20/20W User’s Guide 936 • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Appendix F Legal Information ZyWALL USG 20/20W User’s Guide 937 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This Class B digital apparatus complies with Canadian ICES-003.
Appendix F Legal Information ZyWALL USG 20/20W User’s Guide 938 To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.
Index ZyWALL USG 20/20W User’s Guide 939 Index Symbols Numerics 3322 Dynamic DNS 331 3DES 416 3G 111 3G see also cellular 239 A AAA Base DN 576 Bind DN 576, 579 directory structure 575 Distinguishe.
Index ZyWALL USG 20/20W User’s Guide 940 and VPN connections 394 and WWW 650 HOST 555 RANGE 556 SUBNET 556 types of 555 where used 104 address record 640 admin user troubleshooting 735 admin users 5.
Index ZyWALL USG 20/20W User’s Guide 941 double-encoding 484 IIS-backslash-evasion 484 IIS-unicode-codepoint-encoding 484 multi-slash-encoding 484 network-based 38 non-RFC-defined-char 484 non-RFC.
Index ZyWALL USG 20/20W User’s Guide 942 cellular 111, 239 APN 243 band selection 246 interfaces 218 signal quality 194, 195 SIM card 244 status 195 system 194, 195 troubleshooting 729, 730 Cen.
Index ZyWALL USG 20/20W User’s Guide 943 connection troubleshooting 732 connection monitor (in SSL) 198 connectivity check 228, 238, 245, 270, 282, 400 console port 34 speed 636 content filte.
Index ZyWALL USG 20/20W User’s Guide 944 direct routes 301 directory 573 directory service 573 file structure 575 directory traversal attack 483 directory traversals 483 disclaimer 5, 935 Disting.
Index ZyWALL USG 20/20W User’s Guide 945 Extended Service Set IDentification. See ESSID. Extended Service Set, See ESS 804 ext-user troubleshooting 735 F false negatives 472 false positives 472, 4.
Index ZyWALL USG 20/20W User’s Guide 946 Quick Start 3 H H.323 132, 358 additional signaling port 356 ALG 351, 358 and firewall 352 and RTP 358 signaling port 356 hidden node 805 HSDPA 244 HTTP .
Index ZyWALL USG 20/20W User’s Guide 947 troubleshooting 729 types 89 interfaces 88, 107, 217 and DNS servers 287 and HTTP redirect 350 and layer-3 virtualization 218 and NAT 341 and physical p.
Index ZyWALL USG 20/20W User’s Guide 948 transport encapsulation 399 tunnel encapsulation 399 VPN gateway 394 IPSec SA active protocol 421 and firewall 376, 733 and to-ZyWALL firewall 733 authen.
Index ZyWALL USG 20/20W User’s Guide 949 see also trunks 289 session-oriented 290 spillover 291 tutorial 113 weighted round robin 290 local user database 575 log troubleshooting 737 log messages ca.
Index ZyWALL USG 20/20W User’s Guide 950 and address objects 306 and address objects (HOST) 341 and ALG 352, 354 and firewall 382 and interfaces 341 and policy routes 298, 305 and to-ZyWALL fire.
Index ZyWALL USG 20/20W User’s Guide 951 backup designated (BDR) 318 designated (DR) 318 internal (IR) 317 link state advertisements priority 318 types of 317 other documentation 3 OTP (One-Time.
Index ZyWALL USG 20/20W User’s Guide 952 Post Office Protocol, see POP 522 power off 35, 725 power on 34 PPP 288 troubleshooting 729 PPP interfaces subnet mask 284 PPPoE 288 and RADIUS 288 TCP po.
Index ZyWALL USG 20/20W User’s Guide 953 configuration overview 105 content filtering 200 daily 680 daily e-mail 680 specifications 186 traffic statistics 183 reset 738 vs reboot 723 RESET button 3.
Index ZyWALL USG 20/20W User’s Guide 954 Service Set IDentity, See SSID. 249, 251 service subscription status 215 services 561, 799 and firewall 386 and port triggering 306 subscription 212 where.
Index ZyWALL USG 20/20W User’s Guide 955 SecuExtender 449 see also SSL VPN 427 troubleshooting 734 user application screens 447 user screen bookmarks 444 user screens 437, 443 user screens access m.
Index ZyWALL USG 20/20W User’s Guide 956 RST 480 SYN (synchronize) 481 SYN flood 481 technical reference 163 Telnet 666 and address groups 668 and address objects 668 and zones 668 with SSH 665 .
Index ZyWALL USG 20/20W User’s Guide 957 tutorials 107 U UDP 561 decoder 475, 483 decoy portscan 480 distributed portscan 480 flood attack 483 messages 561 port numbers 562 portscan 479 portsweep 4.
Index ZyWALL USG 20/20W User’s Guide 958 lockout 550 prerequisites for force user authentication policies 104 reauthentication time 545 types of 539 user (type) 540 user names 542 UTF-8 decode 484 U.
Index ZyWALL USG 20/20W User’s Guide 959 Windows Internet Naming Service, see WINS Windows Internet Naming Service, see WINS. Windows Internet Naming Service.