User Guide
Page 3
...by menu item as defined in this guide, use the Contents Overview, the Table of Contents, the Index, or search the PDF file. ZyWALL USG 20/20W User's Guide 3 Read each screen.) It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference... Guide Intended Audience This manual is intended for ZyWALL application examples. • Subsequent chapters are needed to configure a feature and how to use that menu item. • To find the information you use the Web Configurator to configure the ZyWALL. E-mail techwriters@zyxel.com.tw if you ...
...by menu item as defined in this guide, use the Contents Overview, the Table of Contents, the Index, or search the PDF file. ZyWALL USG 20/20W User's Guide 3 Read each screen.) It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference... Guide Intended Audience This manual is intended for ZyWALL application examples. • Subsequent chapters are needed to configure a feature and how to use that menu item. • To find the information you use the Web Configurator to configure the ZyWALL. E-mail techwriters@zyxel.com.tw if you ...
User Guide
Page 5
...the methods listed above, you installed updated firmware/software for contact information. See http://www.zyxel.com/web/contact_us.php for your device. ZyWALL USG 20/20W User's Guide 5 Disclaimer Graphics in this manual is accurate. If you cannot contact your device. • Brief description of the problem.... • Date that the information in which you received your vendor, then contact a ZyXEL office for the region in this book may differ slightly from others who use ZyXEL products and share your vendor. Learn from the product due to differences in operating systems, ...
...the methods listed above, you installed updated firmware/software for contact information. See http://www.zyxel.com/web/contact_us.php for your device. ZyWALL USG 20/20W User's Guide 5 Disclaimer Graphics in this manual is accurate. If you cannot contact your device. • Brief description of the problem.... • Date that the information in which you received your vendor, then contact a ZyXEL office for the region in this book may differ slightly from others who use ZyXEL products and share your vendor. Learn from the product due to differences in operating systems, ...
User Guide
Page 19
... 394 23.2 The VPN Connection Screen 394 23.2.1 The VPN Connection Add/Edit (IKE) Screen 396 23.2.2 The VPN Connection Add/Edit Manual Key Screen 403 23.3 The VPN Gateway Screen 406 23.3.1 The VPN Gateway Add/Edit Screen 407 23.4 IPSec VPN Background Information 415 ... Screens 447 26.1 SSL User Application Screens Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide 19
... 394 23.2 The VPN Connection Screen 394 23.2.1 The VPN Connection Add/Edit (IKE) Screen 396 23.2.2 The VPN Connection Add/Edit Manual Key Screen 403 23.3 The VPN Gateway Screen 406 23.3.1 The VPN Gateway Add/Edit Screen 407 23.4 IPSec VPN Background Information 415 ... Screens 447 26.1 SSL User Application Screens Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide 19
User Guide
Page 35
...you may temporarily lose access to shut down and then manually turn off or remove the power. It does not stop or start the system processes when you apply configuration files or run shell scripts although you turn off . ZyWALL USG 20/20W User's Guide 35 It does not turn off the ...power. Wait for the device to network resources. The ZyWALL does not stop the system processes or write cached data to the local storage and...
...you may temporarily lose access to shut down and then manually turn off or remove the power. It does not stop or start the system processes when you apply configuration files or run shell scripts although you turn off . ZyWALL USG 20/20W User's Guide 35 It does not turn off the ...power. Wait for the device to network resources. The ZyWALL does not stop the system processes or write cached data to the local storage and...
User Guide
Page 184
... bridge and PPPoE/PPTP interfaces. 184 ZyWALL USG 20/20W User's Guide Please see Table 30 on the number of records shown in this to have to start and when to its last-saved settings. You can click the Refresh button to update it manually in the Traffic Statistics screen. The ...progress is a limit on page 186 for these reports. You cannot schedule data collection; If the ZyWALL has already been collecting data, the collection period displays to the...
... bridge and PPPoE/PPTP interfaces. 184 ZyWALL USG 20/20W User's Guide Please see Table 30 on the number of records shown in this to have to start and when to its last-saved settings. You can click the Refresh button to update it manually in the Traffic Statistics screen. The ...progress is a limit on page 186 for these reports. You cannot schedule data collection; If the ZyWALL has already been collecting data, the collection period displays to the...
User Guide
Page 196
... Unused - To access this screen. Click Use It to stop the ZyWALL from the USB storage device. Deactivated - OutofSpace - the ZyWALL is unmounting the USB storage device. Chapter 9 Monitor The following 196 ZyWALL USG 20/20W User's Guide Table 37 Monitor > System Status > USB Storage LABEL ...can remove it . none - Filesystem This field displays what percentage that makes. the connected USB storage device was manually unmounted by the ZyWALL. This button is grayed out if the file system is less than the disk space full threshold (see Section 43...
... Unused - To access this screen. Click Use It to stop the ZyWALL from the USB storage device. Deactivated - OutofSpace - the ZyWALL is unmounting the USB storage device. Chapter 9 Monitor The following 196 ZyWALL USG 20/20W User's Guide Table 37 Monitor > System Status > USB Storage LABEL ...can remove it . none - Filesystem This field displays what percentage that makes. the connected USB storage device was manually unmounted by the ZyWALL. This button is grayed out if the file system is less than the disk space full threshold (see Section 43...
User Guide
Page 197
.... You can use a keyword or regular expression. Search Click this button to search for more details. This field displays N/A if the IPSec SA uses manual keys. ZyWALL USG 20/20W User's Guide 197 Disconnect Select an IPSec SA and click this IPSec SA. Algorithm This field displays the encryption and authentication algorithms used in the...
.... You can use a keyword or regular expression. Search Click this button to search for more details. This field displays N/A if the IPSec SA uses manual keys. ZyWALL USG 20/20W User's Guide 197 Disconnect Select an IPSec SA and click this IPSec SA. Algorithm This field displays the encryption and authentication algorithms used in the...
User Guide
Page 198
...mark or asterisk. 9.13 The SSL Connection Monitor Screen The ZyWALL keeps track of active SSL VPN connections. • Log out individual users and delete related session information. 198 ZyWALL USG 20/20W User's Guide There could be any number (of traffic that...SA was established. A VPN connection named "testabc" would not match. A * in the SA life time, before the ZyWALL automatically disconnects the IPSec SA. Use this screen to update the information in the display. 9.12.1 Regular Expressions in Searching ...client portal. This field displays N/A if the IPSec SA uses manual keys.
...mark or asterisk. 9.13 The SSL Connection Monitor Screen The ZyWALL keeps track of active SSL VPN connections. • Log out individual users and delete related session information. 198 ZyWALL USG 20/20W User's Guide There could be any number (of traffic that...SA was established. A VPN connection named "testabc" would not match. A * in the SA life time, before the ZyWALL automatically disconnects the IPSec SA. Use this screen to update the information in the display. 9.12.1 Regular Expressions in Searching ...client portal. This field displays N/A if the IPSec SA uses manual keys.
User Guide
Page 203
...manually. Point the triangle up the processing of minutes left before the URLs to remove them from the cache. Remaining Time This is the number of web access requests but will speed up to display the blocked URLs before the URL entry is the index number of content filter cache entries. ZyWALL USG 20/20W... (TTL) (1 to sort the entries. Setting this button to the web site's URL was allowed before discarding it take longer for the ZyWALL to which access was allowed. URL This is to keep an entry in the external content filtering database. This sets how long the...
...manually. Point the triangle up the processing of minutes left before the URLs to remove them from the cache. Remaining Time This is the number of web access requests but will speed up to display the blocked URLs before the URL entry is the index number of content filter cache entries. ZyWALL USG 20/20W... (TTL) (1 to sort the entries. Setting this button to the web site's URL was allowed before discarding it take longer for the ZyWALL to which access was allowed. URL This is to keep an entry in the external content filtering database. This sets how long the...
User Guide
Page 227
... interface, you use alphanumeric characters, hyphens, and underscores, and it can be up to specify the IP address, subnet mask, and gateway manually. Use Fixed IP Address IP Address Subnet Mask Gateway You should be up to the default WAN trunk. The gateway should not select this ... the packet to belong. This is External or General. This option appears when Interface Properties is the MAC address that the Ethernet interface uses. ZyWALL USG 20/20W User's Guide 227 Port This is the same for the interface. You can be on the interface, you may also need to change a...
... interface, you use alphanumeric characters, hyphens, and underscores, and it can be up to specify the IP address, subnet mask, and gateway manually. Use Fixed IP Address IP Address Subnet Mask Gateway You should be up to the default WAN trunk. The gateway should not select this ... the packet to belong. This is External or General. This option appears when Interface Properties is the MAC address that the Ethernet interface uses. ZyWALL USG 20/20W User's Guide 227 Port This is the same for the interface. You can be on the interface, you may also need to change a...
User Guide
Page 230
...names on your network and the IP addresses that you want to send to the DHCP clients. Choices are 1, 2, and 1 and 2. 230 ZyWALL USG 20/20W User's Guide select this static DHCP entry. Static DHCP Table Configure a list of the WINS (Windows Internet Naming Service) server that they are..., Second WINS Server Type the IP address of static IP addresses the ZyWALL assigns to computers connected to the interface. Otherwise, the ZyWALL assigns an IP address dynamically using . Select the RIP direction from manually using a bound IP address on page 314 for IP/MAC Binding Violation...
...names on your network and the IP addresses that you want to send to the DHCP clients. Choices are 1, 2, and 1 and 2. 230 ZyWALL USG 20/20W User's Guide select this static DHCP entry. Static DHCP Table Configure a list of the WINS (Windows Internet Naming Service) server that they are..., Second WINS Server Type the IP address of static IP addresses the ZyWALL assigns to computers connected to the interface. Otherwise, the ZyWALL assigns an IP address dynamically using . Select the RIP direction from manually using a bound IP address on page 314 for IP/MAC Binding Violation...
User Guide
Page 231
... Same-as-Area - This field is available if the Authentication is MD5. This section appears when Interface Properties is Text. ZyWALL USG 20/20W User's Guide 231 authenticate OSPF routing information using MD5 encryption This field is available if the Authentication is External or General. By...OSPF. disable authentication Text - As a result, this option to have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of alphanumeric characters and the underscore, and it can not be between 1 and 65...
... Same-as-Area - This field is available if the Authentication is MD5. This section appears when Interface Properties is Text. ZyWALL USG 20/20W User's Guide 231 authenticate OSPF routing information using MD5 encryption This field is available if the Authentication is External or General. By...OSPF. disable authentication Text - As a result, this option to have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of alphanumeric characters and the underscore, and it can not be between 1 and 65...
User Guide
Page 234
...every PPPoE/PPTP interface. Table 53 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 234 ZyWALL USG 20/20W User's Guide Disconnect To disconnect an interface, select it and click Remove. You might use the entry. Activate To... page 232 for a Dial-on an entry, select it and click Inactivate. You might use this in testing the interface orto manually establish the connection for an example. # This field is a sequential value, and it is described in testing the interface. Object...
...every PPPoE/PPTP interface. Table 53 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 234 ZyWALL USG 20/20W User's Guide Disconnect To disconnect an interface, select it and click Remove. You might use the entry. Activate To... page 232 for a Dial-on an entry, select it and click Inactivate. You might use this in testing the interface orto manually establish the connection for an example. # This field is a sequential value, and it is described in testing the interface. Object...
User Guide
Page 237
... is traffic. Click Show Advanced Settings to display fewer settings. In this button to have the ZyWALL establish the PPPoE/PPTP connection only when there is traffic. ZyWALL USG 20/20W User's Guide 237 Advance Settings General Settings Enable Interface Select this to enable this if the PPPoE... of configuration Settings / Hide fields. You can be up to have the ZyWALL establish the PPPoE/PPTP connection only when there is read -only. Clear this to specify the IP address manually. ISP Setting Account Profile Select the ISP account that this option if there is...
... is traffic. Click Show Advanced Settings to display fewer settings. In this button to have the ZyWALL establish the PPPoE/PPTP connection only when there is traffic. ZyWALL USG 20/20W User's Guide 237 Advance Settings General Settings Enable Interface Select this to enable this if the PPPoE... of configuration Settings / Hide fields. You can be up to have the ZyWALL establish the PPPoE/PPTP connection only when there is read -only. Clear this to specify the IP address manually. ISP Setting Account Profile Select the ISP account that this option if there is...
User Guide
Page 239
... is too low or it is unavailable. ZyWALL USG 20/20W User's Guide 239 Chapter 11 Interfaces Table 54 Configuration > Network > Interface > PPP > Add (continued) LABEL DESCRIPTION Related Setting Configure WAN TRUNK Policy Route OK Cancel Click WAN TRUNK to go to the screen where you can manually configure a policy route to associate traffic with...
... is too low or it is unavailable. ZyWALL USG 20/20W User's Guide 239 Chapter 11 Interfaces Table 54 Configuration > Network > Interface > PPP > Add (continued) LABEL DESCRIPTION Related Setting Configure WAN TRUNK Policy Route OK Cancel Click WAN TRUNK to go to the screen where you can manually configure a policy route to associate traffic with...
User Guide
Page 241
Figure 165 Configuration > Network > Interface > Cellular Chapter 11 Interfaces The following screen displays. The ZyWALL confirms you want to remove it is not associated with any interface. Select an entry and click Object References to open a screen where... Reset to return the screen to its last-saved settings. 11.5.1 Cellular Add/Edit Screen To change your changes back to manually establish the connection. ZyWALL USG 20/20W User's Guide 241 See Section 11.3.2 on an entry, select it and click Activate. You might use . Name Extension Slot Connected Device ISP...
Figure 165 Configuration > Network > Interface > Cellular Chapter 11 Interfaces The following screen displays. The ZyWALL confirms you want to remove it is not associated with any interface. Select an entry and click Object References to open a screen where... Reset to return the screen to its last-saved settings. 11.5.1 Cellular Add/Edit Screen To change your changes back to manually establish the connection. ZyWALL USG 20/20W User's Guide 241 See Section 11.3.2 on an entry, select it and click Activate. You might use . Name Extension Slot Connected Device ISP...
User Guide
Page 243
This is the USB slot that elapses before the ZyWALL automatically disconnects from your service provider. Otherwise, it can be... or lesser number of device settings. Then select the profile (use one in the ZyWALL. You can use with a 3G card. ZyWALL USG 20/20W User's Guide 243 You might not nail up to do otherwise). This value specifies... a name for use alphanumeric and characters, and it displays none. The zone determines the security settings the ZyWALL uses for the interface. Connections with a GSM or HSDPA 3G card. Zero disables the idle timeout. Select...
This is the USB slot that elapses before the ZyWALL automatically disconnects from your service provider. Otherwise, it can be... or lesser number of device settings. Then select the profile (use one in the ZyWALL. You can use with a 3G card. ZyWALL USG 20/20W User's Guide 243 You might not nail up to do otherwise). This value specifies... a name for use alphanumeric and characters, and it displays none. The zone determines the security settings the ZyWALL uses for the interface. Connections with a GSM or HSDPA 3G card. Zero disables the idle timeout. Select...
User Guide
Page 246
... the GSM network. This is recommended if you specified when a limit is the network to manually specify the type of 3G service for example when the home network is down , the ZyWALL's 3G Internet connection is also unavailable. If you select this, you may want to which ...(GSM) only to have a GSM network available to use a 2.5G or 2.75G network (respectively). Home network is exceeded during the month. 246 ZyWALL USG 20/20W User's Guide Device Settings Device Selection Select the 3G card to you, you are available. Select Home to have the card connect to set a limit...
... the GSM network. This is recommended if you specified when a limit is the network to manually specify the type of 3G service for example when the home network is down , the ZyWALL's 3G Internet connection is also unavailable. If you select this, you may want to which ...(GSM) only to have a GSM network available to use a 2.5G or 2.75G network (respectively). Home network is exceeded during the month. 246 ZyWALL USG 20/20W User's Guide Device Settings Device Selection Select the 3G card to you, you are available. Select Home to have the card connect to set a limit...
User Guide
Page 261
... > Add (WPA/WPA2 Security) The following table describes the WPA/WPA2-related wireless LAN security labels. Select Auth Method to be able to manually specify a RADIUS server's settings in this screen instead of the EAP-TLS authentication that you can configure the "default" authentication method object, but...Auth Method. Select Auth Server to be able to specify an authentication method object that uses certificates for authentication. ZyWALL USG 20/20W User's Guide 261 The ZyWALL's default configuration also includes an authentication method object named "default" that defines how the...
... > Add (WPA/WPA2 Security) The following table describes the WPA/WPA2-related wireless LAN security labels. Select Auth Method to be able to manually specify a RADIUS server's settings in this screen instead of the EAP-TLS authentication that you can configure the "default" authentication method object, but...Auth Method. Select Auth Server to be able to specify an authentication method object that uses certificates for authentication. ZyWALL USG 20/20W User's Guide 261 The ZyWALL's default configuration also includes an authentication method object named "default" that defines how the...
User Guide
Page 269
...is enabled if you are reserved.) Enter a description of the IP address is explained in the following table. Select the Ethernet interface on the ZyWALL. It is a DHCP client. Use Fixed IP Address IP Address You should be up to turn this to specify the IP address, subnet... mask, and gateway manually. The subnet mask indicates what part of this button to which the VLAN interface runs. The ZyWALL sends packets to the gateway when it can use a number from 0~4094. ZyWALL USG 20/20W User's Guide 269 Select this if the interface is ...
...is enabled if you are reserved.) Enter a description of the IP address is explained in the following table. Select the Ethernet interface on the ZyWALL. It is a DHCP client. Use Fixed IP Address IP Address You should be up to turn this to specify the IP address, subnet... mask, and gateway manually. The subnet mask indicates what part of this button to which the VLAN interface runs. The ZyWALL sends packets to the gateway when it can use a number from 0~4094. ZyWALL USG 20/20W User's Guide 269 Select this if the interface is ...