User Guide
Page 2
... is recommended you use the Command-Line Interface (CLI) to configure the ZyWALL. • Web Configurator Online Help Click the help icon in Windows 7 Video Example 85 Bandwidth Management Video Example 100 AppPatrol Video Example 117 2 ZyWALL USG100-PLUS User's Guide KEEP THIS GUIDE FOR FUTURE REFERENCE. Videos Web... IPv6-in-IPv4 Tunnel Video Example 42 Content Filtering Video Example 56 ZyWALL IPSec VPN Client Configuration Provisioning Video Example 72 SSL VPN Video Example 74 Configuring L2TP VPN on the ZyWALL Video Example 80 Configuring L2TP VPN in any screen for help for ...
User Guide
Page 4
... Configure Bandwidth Management 93 5.2 How to Configure a Trunk for WAN Load Balancing 100 5.3 How to Use Multiple Static Public WAN IP Addresses for LAN-to-WAN Traffic 103 5.4 How to Configure DNS Inbound Load Balancing 104 5.5 How to Allow Public Access to a Web Server 106 5.6 How to Manage Voice... Server to Authenticate User Accounts based on Groups 122 6.3 How to Use SSH for Secure Telnet Access 123 6.4 How to Manage ZyWALL Configuration Files 124 6.5 How to Manage ZyWALL Firmware 125 6.6 How to Download and Upload a Shell Script 126 6.7 How to Save System Logs to a USB Storage ...
User Guide
Page 12
... Status Displays general interface information and packet statistics. AppPatrol Statistics Displays bandwidth and protocol statistics. VPN Monitor IPSec Displays and manages the active IPSec SAs. Log Lists log entries. 12 ZyWALL USG100-PLUS User's Guide IP/MAC Binding Lists the devices that the ZyWALL has detected. Login Users Lists the users currently logged into...
User Guide
Page 14
... Configuration Provisioning Set who can retrieve VPN rule settings from the ZyWALL using the ZyWALL IPSec VPN Client. Global Setting Configure the ZyWALL's SSL VPN settings that bypass content filtering policies. IM Manage instant messenger traffic. Streaming Manage streaming traffic. BWM BWM Enable and configure bandwidth management rules. Black/White List Set up a black list to identify...
User Guide
Page 93
... on page 113 5.1 How to the WAN. The ZyWALL applies bandwidth management before sending the packets out a WAN interface. • Inbound traffic comes back from LAN1 and goes to Configure Bandwidth Management Bandwidth management is initiated from the WAN to the LAN1 device. For... example, a LAN1 to WAN connection is very useful when applications are competing for limited bandwidth. ZyWALL USG100-PLUS User's Guide 93 You can...
User Guide
Page 94
... a 50 Mbps downstream and 5 Mbps upstream VDSL line and you prefer to configure specific bandwidth management rules for SIP Traffic. Table 9 50 Mbps / 5 Mbps Connection Any to (or ... support. See the following section if you want to allocate bandwidth for the following: • SIP: Up to 10 simultaneous 100 Kbps calls guaranteed • Video conferencing: Up to 10 ...'s upstream (egress) bandwidth to be equal to WAN Bandwidth Allocation Example GUARANTEED K / MAXIMUM K OR MAX B.U. Enable Maximize Bandwidth Usage (Max B.U.) on the LAN or DMZ. 94 ZyWALL USG100-PLUS User's Guide...
User Guide
Page 95
...In the Add Policy screen, select Enable and type SIP Any-to-WAN as the outgoing interface. Leave the incoming interface to -WAN Bandwidth Management Example • Set inbound guaranteed and maximum rates as the service type. Note: Use App Patrol Service for the HTTP traffic in both... more than they upload to the Internet. • Set fourth highest priority (4) for the services classified by the ZyWALL's IDP packet inspection signatures. Click OK. Set the inbound and outbound guaranteed bandwidth to 1000 (kbps) and maximum bandwidth to 2000 kbps. ZyWALL USG100-PLUS User's Guide 95
User Guide
Page 96
...to 10240 (kbps) and set priority 4. Set the guaranteed inbound bandwidth to 46080 (kbps). Chapter 5 Managing Traffic Figure 36 HTTP Any-to-WAN Bandwidth Management Example Outbound: Bandwidth not managed BWM Inbound: 10240 kbps guaranteed 46080 kbps maximum 1 In the ...Configuration > BWM screen, click Add. 2 In the Add Policy screen, select Enable and type HTTP Any-to-WAN as the outgoing interface. Set the outbound priority to 4. Click OK. 96 ZyWALL...
User Guide
Page 97
... the DMZ FTP server but up to 10240 kbps outbound for the FTP traffic. ZyWALL USG100-PLUS User's Guide 97 Select wan1 as the incoming interface and dmz as the service type. Figure 37 FTP WAN-to-DMZ Bandwidth Management Example Outbound: 5120 kbps guaranteed 10240 kbps maximum BWM BWM Inbound: 792 kbps... Enable and type FTP WAN-to the DMZ FTP server. • Set the fifth highest priority (5) for uploading to -DMZ as the policy's name. Chapter 5 Managing Traffic 5.1.6 FTP WAN-to-DMZ Bandwidth Management Example Suppose the office has an FTP server on the DMZ.
User Guide
Page 98
Chapter 5 Managing Traffic 5.1.7 FTP LAN-to-DMZ Bandwidth Management Example FTP traffic from the LAN1 to the DMZ can use more bandwidth since the interfaces support up to 1 Gbps connections, but give it lower priority and limit it to avoid interference with other traffic. • Limit both outbound and inbound traffic to -DMZ Bandwidth Management Example BWM Inbound: 50 Mbps Outbound: 50 Mbps BWM 98 ZyWALL USG100-PLUS User's Guide Figure 38 FTP LAN-to 50 Mbps. • Set fifth highest priority (5) for the FTP traffic.
User Guide
Page 99
Do not select the Maximize Bandwidth Usage. Click Apply. ZyWALL USG100-PLUS User's Guide 99 Click OK. Finally, in the BWM screen, select Enable BWM. Select lan1 as the incoming interface and dmz as the policy's name. Type 10240 (kbps) with priority 5 for both the inbound and outbound guaranteed bandwidth. Chapter 5 Managing Traffic 1 In the Configuration > BWM screen, click Add. 2 In the Add Policy screen, select Enable and type FTP LAN-to 51200 (kbps). Select App Patrol Service and ftp as the service type. Set the maximum to -DMZ as the outgoing interface.
User Guide
Page 100
...two WAN connections to play this video. Chapter 5 Managing Traffic 5.1.8 Bandwidth Management Video Example Use Adobe Reader 9 or later or a recent version of Foxit Reader to the Internet. The application patrol service uses the ZyWALL's IDP packet inspection signatures to classify services. 5.2 ...cellular1) 100 ZyWALL USG100-PLUS User's Guide After clicking play again. 5.1.9 What Can Go Wrong? • The "outbound" in the guaranteed bandwidth settings apply to traffic going from the connection initiator to use App Patrol Service as the service type in the bandwidth management rules....
User Guide
Page 101
...ZyWALL USG100-PLUS User's Guide 101 Figure 39 Trunk Example For Dual WANs wan1: 1 Mbps wan2: 512 Kbps Figure 40 Trunk Example For WAN and 3G Interface wan1: 1 Mbps cellular1: 512 Kbps You do not have different bandwidth...) in the Egress Bandwidth field. Enter the available bandwidth (1000 kbps) in a 2:1 ratio. As these connections have to change many of the ZyWALL's settings from the ...load balancing settings. 5.2.1 Set Up Available Bandwidth on Ethernet Interfaces Here is how to set up the outgoing bandwidth on how much traffic the ZyWALL tries to set a limit on each WAN...
User Guide
Page 102
Chapter 5 Managing Traffic 2 Repeat the process to set the egress bandwidth for wan2 to 512 Kbps. 3 For 3G interface settings, go to Weighted Round Robin. Double-click the cellular1 entry and set the egress bandwidth for cellular1 to 512 Kbps. 5.2.2 Configure the WAN Trunk 1 Click Configuration > Network > Interface > Trunk. Add wan1 and enter 2 in... and set the Load Balancing Algorithm field to Configuration > Network > Interface > Cellular. Add wan2 (or cellular1) and enter 1 in the Weight column. Click OK. 102 ZyWALL USG100-PLUS User's Guide