User Guide
Page 37
... load balancing between two sites over the Internet or any insecure network that uses TCP/IP for communication. As a result, it is much simpler to change security settings in the ZyWALL. You can create your own custom zones. ZyWALL USG 20/20W User's Guide 37 The ZyWALL also offers hub-and-spoke IPSec VPN. Flexible Security Zones...
User Guide
Page 77
... (dial-in Figure 39 on the left of the screen changes to match the scenario you select. • Site-to allow incoming connections from IPSec VPN clients. ZyWALL USG 20/20W User's Guide 77 The clients have dynamic IP addresses and are also known as shown in user) and can ...initiate the VPN tunnel. • Remote Access (Server Role) - Choose this if the remote IPSec device has a static IP address or a...
User Guide
Page 81
... underscores (_), or dashes (-), but the first character cannot be a number. ZyWALL USG 20/20W User's Guide 81 Select the scenario that best describes your intended VPN connection. Choose this VPN connection (and VPN gateway). Scenario Click the Advanced radio button as dial-in Figure 39 on the...has a dynamic IP address. The figure on page 76 to -site - Only the remote IPSec device can initiate the VPN tunnel. This ZyWALL can initiate the VPN tunnel. • Site-to allow incoming connections from IPSec VPN clients. Chapter 5 Quick Setup 5.5.4 VPN Advanced Wizard - Choose this to...
User Guide
Page 84
...IP address of a computer on the remote IPSec device. • Nailed-Up: This displays for the site-to Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to enable PFS. You can also ...data. SHA-1 gives higher security. A short SA life time increases security, but renegotiation temporarily disconnects the VPN tunnel. • Perfect Forward Secrecy (PFS): Disabling PFS allows faster IPSec setup, but is more secure...) are hash algorithms used to have the ZyWALL automatically renegotiate the IPSec SA when the SA life time expires. 84 ZyWALL USG 20/20W User's Guide
User Guide
Page 101
... the firewall rules in the sequence. 6.5.14 IPSec VPN Use IPSec VPN to provide secure communication between two sites over the Internet or any insecure network that uses TCP/IP for communication. ZyWALL USG 20/20W User's Guide 101 The ZyWALL also offers hub-and-spoke VPN. you have configured. • You don't need to specify the schedule...
User Guide
Page 119
... (AH) or 51 (ESP). Under VPN Gateway select Site-to the IPSec_VPN zone. Figure 69 Configuration > VPN > IPSec VPN > VPN Connection > Add 5 Now set up the VPN settings on zones. ZyWALL USG 20/20W User's Guide 119 Chapter 7 Tutorials 4 Enable the VPN connection and name it ("VPN_CONN_EXAMPLE"). To trigger the VPN, either try to establish the VPN tunnel. Under Policy, select LAN1_SUBNET...
User Guide
Page 391
...to transport traffic over the Internet or any insecure network that offers flexible solutions for communication. ZyWALL USG 20/20W User's Guide 391 A secure VPN is a standards-based VPN that uses TCP/IP for secure data communications across a public network like the Internet. These...• Use the VPN Connection screens (see Section 23.2 on page 394) to -site lines. CHAPTER 23 IPSec VPN 23.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to specify which VPN gateway a VPN connection policy uses ...
User Guide
Page 393
... clients connect. ZyWALL USG 20/20W User's Guide 393 This creates a dynamic IPSec VPN rule that can initiate the VPN tunnel. Finding Out More • See Section 6.5.14 on page 101 for related information on these screens. Choose this ZyWALL has a static IP address or a domain name. Table 113 IPSec VPN Application Scenarios SITE-TO-SITE SITE-TO-SITE WITH REMOTE...
User Guide
Page 398
...this check box if you want the ZyWALL to use . 398 ZyWALL USG 20/20W User's Guide Site-to an IPSec server. Nailed-Up Select this to connect to -site with a LAN. This ZyWALL is to use 1-31 alphanumeric characters,... underscores(_), or dashes (-), but the first character cannot be necessary to allow NetBIOS packets to find computers on the remote network and vice versa. Chapter 23 IPSec VPN...
User Guide
Page 428
... page 101 for the IP addresses of the local computer, server, or web site SSL users are not removed. If you update this SSL access policy. Configure an SSL application object to the VPN connection users. Configure an address object that use the object(s). You cannot delete ...to assign to access. Configure address objects for related information on these screens. • See Section 24.4 on SSL application objects. 428 ZyWALL USG 20/20W User's Guide When you must first unassociate the object from the SSL access policy. To delete the object, you delete an SSL policy,...
User Guide
Page 437
... local network. ZyWALL USG 20/20W User's Guide 437 CHAPTER 25 SSL User Screens 25.1 Overview This chapter introduces the remote user SSL VPN screens. With the ZyWALL SecuExtender, you have successfully logged in through the ZyWALL, you can access resources on the ZyWALL SecuExtender. Network Resource Access Methods As a remote user, you can access intranet sites, web...
User Guide
Page 439
... 25 SSL User Screens 1 Open a web browser and enter the web site address or IP address of your login account. Figure 260 Login Security Screen 3 A login screen displays. Enter the user name and password of the ZyWALL. If a token password is also required, enter it in the One-Time...4 Click SSL VPN to access network resources. Figure 259 Enter the Address in and establish an SSL VPN connection to the network to log in a Web Browser 2 Click OK or Yes if a security screen displays. For example, "http://sslvpn.mycompany.com". Figure 261 Login Screen ZyWALL USG 20/20W User's Guide ...
User Guide
Page 447
...click a link in a separate browser window. Figure 272 Application ZyWALL USG 20/20W User's Guide 447 Which applications you can access depends on the network through the SSL VPN connection. The Type field displays whether the application supports Virtual ...Network Computing (VNC) or Remote Desktop Protocol (RDP). CHAPTER 26 SSL User Application Screens 26.1 SSL User Application Screens Overview Use the Application screen to access web-based applications (such as web sites and e-mail) on the ZyWALL...
User Guide
Page 615
... web browser (Section 41.2.1 on page 618). 41.1.2 What You Need to access an intranet site using standard web browsers. ZyWALL USG 20/20W User's Guide 615 You can apply one or more SSL application objects in the VPN > SSL VPN screen for a user account/user group. 41.1.1 What You Can Do in this Chapter •...
User Guide
Page 616
.... The LAN computer to log into the ZyWALL. The ZyWALL works with web page encryption. 1 Click Configuration > Object > SSL Application in Internet Explorer) VNC • RealVNC • TightVNC • UltraVNC For example, user A uses an SSL VPN connection to be managed must have VNC (...web site is useful for an internal web site. The remote user's computer does not use VNC or RDP client software. This is http://info with the following remote desktop connection software: RDP • Windows Remote Desktop (supported in the navigation panel. 616 ZyWALL USG 20/20W User...
User Guide
Page 619
...browser. If a link contains a file that you expect the SSL VPN users to access the URL you enter "\remote\" in this to configure any new settings objects that you need to 31 characters ("0-9", "a-z", "A-Z", "-" and "_"). ZyWALL USG 20/20W User's Guide 619 Select OWA (Outlook Web Access) to allow ...Preview Remote users are not allowed. Click Preview to commonly use in this screen. Select Weblink to create a link to a web site that is set to manage LAN computers that have Remote Desktop Protocol remote desktop server software installed. This field displays if the Server...
User Guide
Page 733
... you enable NAT traversal, the remote IPSec device must use the same SPI. • If the sites are being sent and received by the ZyWALL and remote IPSec router (for each VPN tunnel. See also Chapter 23 on the zone to establish the IKE SA. • Both routers ...NAT traversal. If you assign the VPN tunnel and the zone from the network before the ZyWALL encrypts them and check packets the ZyWALL receives after the ZyWALL decrypts them. Regular firewall rules check packets the ZyWALL sends before testing your new VPN connection. ZyWALL USG 20/20W User's Guide 733 Chapter 50 ...
User Guide
Page 947
... 218 IP address 284 metric 285 MTU 286 overlapping IP address and subnet mask 285 port groups, see also VPN site-to-site with dynamic peer 398 static site-to-site 398 ZyWALL USG 20/20W User's Guide 947 where used 96 WLAN 218 Internet access troubleshooting 728, 734 Internet Control Message Protocol, see ...HTTP redirect 350 and layer-3 virtualization 218 and NAT 341 and physical ports 88, 218 and policy routes 305 and static routes 309 and VPN gateways 394 and zones 88, 218 as DHCP relays 286 as DHCP servers 286, 630 backup, see trunks bandwidth management 285, 295 bridge,...
User Guide
Page 958
...site ZyXEL 4 web-based SSL application 615 configuration example 616 create 618 weblink 616 webroot-directory-traversal attack 485 weighted round robin (for load balancing) 290 white list (anti-spam) 521, 527, 529, 531 Wi-Fi Protected Access 812 958 ZyWALL USG 20/20W User's Guide Virtual Network Computing see VNC Virtual Private Network, see VPN... also IPSec SA status 174 troubleshooting 734 VPN connections and address objects 394 and policy routes 305, 733 VPN gateways and certificates 394 and extended authentication 394 and interfaces 394 and to-ZyWALL firewall 733 VRPT (Vantage Report) 683,...
User Guide
Page 959
... wireless security 249, 808 Wizard Setup 59, 69 WLAN 146, 248 interfaces 218 interference 805 security parameters 816 see also HTTP, HTTPS 130, 646 www.zyxel.com 4 Z zones 88, 327 and firewall 374, 384 and FTP 670 and interfaces 88, 327 and SNMP 674 and SSH 665 and Telnet 668... and VPN 88, 327 and WWW 650 block intra-zone traffic 330, 382 configuration overview 98 default 90 extra-zone traffic 328 inter-zone traffic 328 intra-zone traffic 328 prerequisites 98 types of traffic 328 where used 98 ZyWALL terminology differences 91 ZyXEL web site 4 ZyWALL USG 20/20W User's Guide 959 ...