User Guide
Page 29
... panel ports, LEDs, introduces the management methods, and lists different ways to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. The ZyWALL also provides two separate LAN networks. ZyWALL USG 20/20W User's Guide 29 See Chapter 2 on page 37 for a third WAN connection. The DeMilitarized Zone (DMZ) increases LAN security by providing separate ports for reliable, secure service. In addition, the ZyWALL provides excellent throughput, making it an ideal solution for connecting publicly accessible servers...
... panel ports, LEDs, introduces the management methods, and lists different ways to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. The ZyWALL also provides two separate LAN networks. ZyWALL USG 20/20W User's Guide 29 See Chapter 2 on page 37 for a third WAN connection. The DeMilitarized Zone (DMZ) increases LAN security by providing separate ports for reliable, secure service. In addition, the ZyWALL provides excellent throughput, making it an ideal solution for connecting publicly accessible servers...
User Guide
Page 49
... Redirect Set up and manage port forwarding rules. Firewall Firewall Create and manage level-3 traffic rules. VPN IPSec VPN VPN Connection Configure IPSec tunnels. SSL VPN Access Privilege Configure SSL VPN access rights for an installed 3G card. ZyWALL USG 20/20W User's Guide 49 WLAN (For USG 20W only) Configure settings for load balancing and link High Availability (HA). Routing Policy Route Create and manage routing policies. Session Limit Limit the number of IP addresses to set the ZyWALL's flexible ports as LAN1 or DMZ. Zone Configure zones used...
... Redirect Set up and manage port forwarding rules. Firewall Firewall Create and manage level-3 traffic rules. VPN IPSec VPN VPN Connection Configure IPSec tunnels. SSL VPN Access Privilege Configure SSL VPN access rights for an installed 3G card. ZyWALL USG 20/20W User's Guide 49 WLAN (For USG 20W only) Configure settings for load balancing and link High Availability (HA). Routing Policy Route Create and manage routing policies. Session Limit Limit the number of IP addresses to set the ZyWALL's flexible ports as LAN1 or DMZ. Zone Configure zones used...
User Guide
Page 147
... for authentication. 7.13.1 Set Up User Accounts The ZyWALL supports TTLS using PAP so you install the wireless LAN card. Figure 105 Configuration > Object > User/Group > User > Add 3 Use the Add icon in the Configuration > Object > User/Group > User screen to set up the remaining user accounts in similar fashion. 7.13.2 Create the WLAN Interface 1 Click Configuration > Network > Interface > WLAN > Add to wlan_user. ZyWALL USG 20/20W User's Guide 147 For each WLAN user, set up a user account containing the user name and password the WLAN user needs...
... for authentication. 7.13.1 Set Up User Accounts The ZyWALL supports TTLS using PAP so you install the wireless LAN card. Figure 105 Configuration > Object > User/Group > User > Add 3 Use the Add icon in the Configuration > Object > User/Group > User screen to set up the remaining user accounts in similar fashion. 7.13.2 Create the WLAN Interface 1 Click Configuration > Network > Interface > WLAN > Add to wlan_user. ZyWALL USG 20/20W User's Guide 147 For each WLAN user, set up a user account containing the user name and password the WLAN user needs...
User Guide
Page 168
... an installed WLAN card is . MAC Address Range This field displays the MAC addresses used to open the screen where you can change it is none. Each physical port has one of the ZyWALL's extension slots or USB ports. Down - Speed / Duplex - This field displays the port speed and duplex setting (Full or Half). (For USG 20W only) The status for the status that are currently established. Firmware Version This field displays the version number and...
... an installed WLAN card is . MAC Address Range This field displays the MAC addresses used to open the screen where you can change it is none. Each physical port has one of the ZyWALL's extension slots or USB ports. Down - Speed / Duplex - This field displays the port speed and duplex setting (Full or Half). (For USG 20W only) The status for the status that are currently established. Firmware Version This field displays the version number and...
User Guide
Page 170
... disabled or did not receive an IP address and subnet mask via DHCP. This field displays the port speed and duplex setting (Full or Half). (For USG 20W only) The status for the interface. This identifies the licensed service. 170 ZyWALL USG 20/20W User's Guide This shows how many licensed services there are . For Ethernet interfaces: Inactive - Action Extension Slot Slot Device Status Licensed Service Status # Status Name If this interface is a member of the device connected...
... disabled or did not receive an IP address and subnet mask via DHCP. This field displays the port speed and duplex setting (Full or Half). (For USG 20W only) The status for the interface. This identifies the licensed service. 170 ZyWALL USG 20/20W User's Guide This shows how many licensed services there are . For Ethernet interfaces: Inactive - Action Extension Slot Slot Device Status Licensed Service Status # Status Name If this interface is a member of the device connected...
User Guide
Page 182
... connected. The WLAN interface is disabled. This field displays how the interface gets its IP address from a DHCP server. This field displays the current IP address and subnet mask assigned to the network. 182 ZyWALL USG 20/20W User's Guide The Ethernet interface is enabled. DHCP Client - Chapter 9 Monitor Table 28 Monitor > System Status > Interface Status (continued) LABEL DESCRIPTION Port Status This field displays the physical port number. This interface gets its IP address. Down - This field displays the port speed and duplex setting...
... connected. The WLAN interface is disabled. This field displays how the interface gets its IP address from a DHCP server. This field displays the current IP address and subnet mask assigned to the network. 182 ZyWALL USG 20/20W User's Guide The Ethernet interface is enabled. DHCP Client - Chapter 9 Monitor Table 28 Monitor > System Status > Interface Status (continued) LABEL DESCRIPTION Port Status This field displays the physical port number. This interface gets its IP address. Down - This field displays the port speed and duplex setting...
User Guide
Page 223
... IP address of the interface. Click Apply to save your changes back to open a screen that uses the object whenever the interface's IP address settings change LAN1's IP address, the ZyWALL automatically updates the corresponding interface-based, LAN1 subnet address object. ZyWALL USG 20/20W User's Guide 223 To remove a virtual interface, select it is a static IP address (STATIC) or dynamically assigned (DHCP). To turn on page 222.) The WAN interface's Edit > Configuration screen is shown here as an example. If the IP address is inactive. To access...
... IP address of the interface. Click Apply to save your changes back to open a screen that uses the object whenever the interface's IP address settings change LAN1's IP address, the ZyWALL automatically updates the corresponding interface-based, LAN1 subnet address object. ZyWALL USG 20/20W User's Guide 223 To remove a virtual interface, select it is a static IP address (STATIC) or dynamically assigned (DHCP). To turn on page 222.) The WAN interface's Edit > Configuration screen is shown here as an example. If the IP address is inactive. To access...
User Guide
Page 238
... number of consecutive failures before the attempt is reserved for this to it into smaller fragments. Ingress Bandwidth This is a failure. Check Timeout Enter the number of each data packet, in kilobits per second, the ZyWALL can send through the gateway. Type the maximum size of seconds to use . Gateway Check this address Check Port Select this interface. Specify the port number to wait for a TCP connectivity check. 238 ZyWALL USG 20/20W User's Guide...
... number of consecutive failures before the attempt is reserved for this to it into smaller fragments. Ingress Bandwidth This is a failure. Check Timeout Enter the number of each data packet, in kilobits per second, the ZyWALL can send through the gateway. Type the maximum size of seconds to use . Gateway Check this address Check Port Select this interface. Specify the port number to wait for a TCP connectivity check. 238 ZyWALL USG 20/20W User's Guide...
User Guide
Page 243
... for the interface. Enter a description of configuration fields. Zero disables the idle timeout. ZyWALL USG 20/20W User's Guide 243 Select Custom to configure your ISP instructed you to use alphanumeric and characters, and it displays none. Enter the APN from the ISP's server. Select Device to do otherwise). Select the zone to which you are allowed. Then select the profile (use with a 3G card. You can...
... for the interface. Enter a description of configuration fields. Zero disables the idle timeout. ZyWALL USG 20/20W User's Guide 243 Select Custom to configure your ISP instructed you to use alphanumeric and characters, and it displays none. Enter the APN from the ISP's server. Select Device to do otherwise). Select the zone to which you are allowed. Then select the profile (use with a 3G card. You can...
User Guide
Page 254
... security or WEP security and click Advanced. It is 1812). Virtual Access Point Settings SSID (Service Set IDentity) The SSID identifies the Service Set with one another. Maximum Associations Specify the highest number of security to turn on the external authentication server and ZyWALL. 254 ZyWALL USG 20/20W User's Guide WLAN Security Settings Security Type Use this field to select the type of wireless clients that is difficult to which a wireless station is not sent over the network. Enter the IP address of this wireless LAN interface. The key...
... security or WEP security and click Advanced. It is 1812). Virtual Access Point Settings SSID (Service Set IDentity) The SSID identifies the Service Set with one another. Maximum Associations Specify the highest number of security to turn on the external authentication server and ZyWALL. 254 ZyWALL USG 20/20W User's Guide WLAN Security Settings Security Type Use this field to select the type of wireless clients that is difficult to which a wireless station is not sent over the network. Enter the IP address of this wireless LAN interface. The key...
User Guide
Page 262
.... Idle Timeout Group Key Update Timer Note: If wireless station authentication is allowed. The ZyWALL automatically disconnects a wireless station from accessing the ZyWALL (deny association) based on a periodic basis. You need to know the MAC addresses of automatically changing the group key for USG 20W only. The MAC filter allows you set the filter to be the same on the RADIUS server has priority. To display your ZyWALL's MAC filter settings, click Configuration > Network > Interface > WLAN > MAC Filter...
.... Idle Timeout Group Key Update Timer Note: If wireless station authentication is allowed. The ZyWALL automatically disconnects a wireless station from accessing the ZyWALL (deny association) based on a periodic basis. You need to know the MAC addresses of automatically changing the group key for USG 20W only. The MAC filter allows you set the filter to be the same on the RADIUS server has priority. To display your ZyWALL's MAC filter settings, click Configuration > Network > Interface > WLAN > MAC Filter...
User Guide
Page 270
.... DHCP Setting The DHCP settings are 576 - 1500. If a larger packet arrives, the ZyWALL divides it is 1500. Connectivity Check The ZyWALL can send through the interface. The ZyWALL decides which gateway to the network. Interface Parameters Egress Bandwidth Enter the maximum amount of seconds between connection check attempts. Check Fail Tolerance Enter the number of consecutive failures before the attempt is reserved for the OPT, LAN and DMZ interfaces. 270 ZyWALL USG 20/20W User's Guide...
.... DHCP Setting The DHCP settings are 576 - 1500. If a larger packet arrives, the ZyWALL divides it is 1500. Connectivity Check The ZyWALL can send through the interface. The ZyWALL decides which gateway to the network. Interface Parameters Egress Bandwidth Enter the maximum amount of seconds between connection check attempts. Check Fail Tolerance Enter the number of consecutive failures before the attempt is reserved for the OPT, LAN and DMZ interfaces. 270 ZyWALL USG 20/20W User's Guide...
User Guide
Page 282
... a description to an Ethernet 282 ZyWALL USG 20/20W User's Guide Check Period Enter the number of consecutive failures before the ZyWALL stops routing through the gateway. Check Fail Tolerance Enter the number of seconds between connection check attempts. To access this screen, click an Add icon next to help identify this entry's MAC address. IP Address Enter the IP address to assign to a device with the gateway you set the Check Method to it. Enter that the gateway allows. This field...
... a description to an Ethernet 282 ZyWALL USG 20/20W User's Guide Check Period Enter the number of consecutive failures before the ZyWALL stops routing through the gateway. Check Fail Tolerance Enter the number of seconds between connection check attempts. To access this screen, click an Add icon next to help identify this entry's MAC address. IP Address Enter the IP address to assign to a device with the gateway you set the Check Method to it. Enter that the gateway allows. This field...
User Guide
Page 310
... client computer's IP address. Port triggering is listed in from the remote server, the ZyWALL forwards the traffic to request a service (incoming service). The ZyWALL records the IP address of the client computer that sent the request. Chapter 13 Policy and Static Routes following example, you configure two services for each client computer. When the ZyWALL receives a new connection (trigger service) from the remote server) to game server 1 using a port number ranging between 5670 - 5678. The ZyWALL allows and forwards the traffic to take turns using a different port...
... client computer's IP address. Port triggering is listed in from the remote server, the ZyWALL forwards the traffic to request a service (incoming service). The ZyWALL records the IP address of the client computer that sent the request. Chapter 13 Policy and Static Routes following example, you configure two services for each client computer. When the ZyWALL receives a new connection (trigger service) from the remote server) to game server 1 using a port number ranging between 5670 - 5678. The ZyWALL allows and forwards the traffic to take turns using a different port...
User Guide
Page 342
... Port. For users connected to the same interface as the Mapped IP device, the ZyWALL uses that interface's IP address as the source address for the traffic it sends from the WAN to a LAN server, enabling NAT loopback allows users connected to other interfaces to also access the server. Port Mapping Type Use the drop-down list box to select how many original destination ports this NAT rule only applies to packets received on the rule's specified incoming interface. 342 ZyWALL USG 20/20W User's Guide...
... Port. For users connected to the same interface as the Mapped IP device, the ZyWALL uses that interface's IP address as the source address for the traffic it sends from the WAN to a LAN server, enabling NAT loopback allows users connected to other interfaces to also access the server. Port Mapping Type Use the drop-down list box to select how many original destination ports this NAT rule only applies to packets received on the rule's specified incoming interface. 342 ZyWALL USG 20/20W User's Guide...
User Guide
Page 420
... ZyWALL to provide a user name and password to establish a VPN tunnel, the authentication fails because it depends on the standard(s) the ZyWALL and remote IPSec router support. If you configure router A to check a user name and password that is AH, you can set up NAT traversal. • Enable NAT traversal on the ZyWALL and remote IPSec router. • Configure the NAT router to forward packets with telecommuters. If router A has this problem by the remote IPSec router. The routers cannot establish a VPN...
... ZyWALL to provide a user name and password to establish a VPN tunnel, the authentication fails because it depends on the standard(s) the ZyWALL and remote IPSec router support. If you configure router A to check a user name and password that is AH, you can set up NAT traversal. • Enable NAT traversal on the ZyWALL and remote IPSec router. • Configure the NAT router to forward packets with telecommuters. If router A has this problem by the remote IPSec router. The routers cannot establish a VPN...
User Guide
Page 438
... connection to the ZyWALL to access the login screen. If instructed by your network administrator). Chapter 25 SSL User Screens System Requirements Here are shown. 438 ZyWALL USG 20/20W User's Guide Example screens for Internet Explorer are the browser and computer system requirements for more information. Required Information A remote user needs the following information from the network administrator to log in and access network resources. • the domain name or IP address...
... connection to the ZyWALL to access the login screen. If instructed by your network administrator). Chapter 25 SSL User Screens System Requirements Here are shown. 438 ZyWALL USG 20/20W User's Guide Example screens for Internet Explorer are the browser and computer system requirements for more information. Required Information A remote user needs the following information from the network administrator to log in and access network resources. • the domain name or IP address...
User Guide
Page 557
... the interface's IP address settings change ge1's IP address, the ZyWALL automatically updates the corresponding interface-based, LAN subnet address object. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be blank. This value is RANGE. This field is only available if the Address Type is case-sensitive. This field cannot be a number. Enter the IP address of the network that this address object represents. ZyWALL USG 20/20W User's Guide...
... the interface's IP address settings change ge1's IP address, the ZyWALL automatically updates the corresponding interface-based, LAN subnet address object. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be blank. This value is RANGE. This field is only available if the Address Type is case-sensitive. This field cannot be a number. Enter the IP address of the network that this address object represents. ZyWALL USG 20/20W User's Guide...
User Guide
Page 947
gateway 285 general characteristics 218 IP address 284 metric 285 MTU 286 overlapping IP address and subnet mask 285 port groups, see also VPN site-to-site with dynamic peer 398 static site-to-site 398 ZyWALL USG 20/20W User's Guide 947 where used 96 WLAN 218 Internet access troubleshooting 728, 734 Internet Control Message Protocol, see ICMP Internet Explorer 43 Internet Message Access Protocol, see IMAP 522 Internet Protocol Security, see IPSec IP alias, see...
gateway 285 general characteristics 218 IP address 284 metric 285 MTU 286 overlapping IP address and subnet mask 285 port groups, see also VPN site-to-site with dynamic peer 398 static site-to-site 398 ZyWALL USG 20/20W User's Guide 947 where used 96 WLAN 218 Internet access troubleshooting 728, 734 Internet Control Message Protocol, see ICMP Internet Explorer 43 Internet Message Access Protocol, see IMAP 522 Internet Protocol Security, see IPSec IP alias, see...
User Guide
Page 957
... onboard flash 169 sessions 169, 173 user accounts for WLAN 147, 541 user authentication 539 external 540 local user database 575 user awareness 541 User Datagram Protocol, see UDP user group objects 539 user groups 539, 541 and content filtering 487 and firewall 386, 389 and policy routes 303, 304, 462, 464 ZyWALL USG 20/20W User's Guide Index configuration overview 104 user name rules 542 user objects 539 user portal links 615...
... onboard flash 169 sessions 169, 173 user accounts for WLAN 147, 541 user authentication 539 external 540 local user database 575 user awareness 541 User Datagram Protocol, see UDP user group objects 539 user groups 539, 541 and content filtering 487 and firewall 386, 389 and policy routes 303, 304, 462, 464 ZyWALL USG 20/20W User's Guide Index configuration overview 104 user name rules 542 user objects 539 user portal links 615...