User Guide
Page 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...107 Technical Reference ...163 Dashboard ...165 Monitor ...177 Registration... VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W ...
User Guide
Page 11
... the ZyWALL 34 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User...
User Guide
Page 12
Finish 80 5.5.4 VPN Advanced Wizard - Finish 86 Chapter 6 Configuration Basics...87 6.1 Object-based Configuration 87 6.2 Zones, Interfaces, and Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 90 6.3 Terminology in the ZyWALL 91 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide WAN...
User Guide
Page 13
... Balancing 113 7.3.1 Set Up Available Bandwidth on Ethernet Interfaces 113 7.3.2 Configure the WAN Trunk 114 7.4 How to Set Up an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13 Table of Contents 6.5.1 Feature ...95 6.5.2 Licensing Registration 96...
User Guide
Page 18
... 22.1.3 Firewall Rule Example Applications 376 22.1.4 Firewall Rule Configuration Example 379 22.2 The Firewall Screen ...381 22.2.1 Configuring the Firewall Screen 382 22.2.2 The Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
User Guide
Page 29
The ZyWALL's security features include VPN, firewall, content filtering, ADP (Anomaly Detection and Protection), and certificates. The ZyWALL provides excellent throughput with minimal configuration. 1.2 Wall-mounting Do the following to attach your company. The DeMilitarized Zone (DMZ) ...forwarding, policy routing, DHCP server and many other powerful features. In addition, the ZyWALL provides excellent throughput, making it an ideal solution for a third WAN connection. ZyWALL USG 20/20W User's Guide 29 You can set up the network and enforce security policies efficiently. ...
User Guide
Page 37
...configure load balancing between two sites over the Internet or any insecure network that uses TCP/IP for communication. Virtual Private Networks (VPN) Use IPSec, SSL to zones. Flexible Security Zones Many security settings are made by zone, not by interface, port, or network. ZyWALL USG 20/20W... User's Guide 37 You can add interfaces and VPN tunnels to provide secure communication between these ports. • One or more information about the features of the ZyWALL. 2.1 Features The ZyWALL's security features include VPN, firewall, content filtering, ...
User Guide
Page 39
... remote users. Chapter 2 Features and Applications 2.2 Applications These are some example applications for configuration tutorial examples. 2.2.1 VPN Connectivity Set up additional connections to the Internet to provide better service. See also Chapter 7 on page 107 for your network. ZyWALL USG 20/20W User's Guide 39 You can configure the ZyWALL to provide SSL VPN network access to your...
User Guide
Page 48
... services. 48 ZyWALL USG 20/20W User's Guide You can also log out individual users and delete related session information. Anti-X Statistics Content Filter Report Collect and display content filter statistics Cache Manage the ZyWALL's URL cache. Table 7 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. IP...
User Guide
Page 49
... (For USG 20W only) Configure settings for an installed 3G card. Zone Configure zones used to which the ZyWALL does not apply IP/MAC binding. NAT Set up and manage HTTP redirection rules. Auth. Session Limit Limit the number of interfaces) for load balancing and link High Availability (HA). SSL VPN Access Privilege Configure SSL VPN access rights...
User Guide
Page 61
Leave the field as 0.0.0.0 if you do not want to configure DNS servers. 4.1.3 Internet Access: PPPoE Note: Enter the Internet access information exactly as given to you selected Auto as the IP Address Assignment in the ... address. • Gateway IP Address: Enter the IP address of a computer before you selected static IP address assignment. Options are: ZyWALL USG 20/20W User's Guide 61 Select an authentication protocol for VPN, DDNS and the time server. Chapter 4 Installation Setup Wizard • IP Address: Enter your service provider. The following fields display if...
User Guide
Page 62
...MSCHAP-V2 - Auto displays if you selected Auto as 0.0.0.0 if you do not want to configure DNS servers. The DNS server is extremely important because without it . 62 ZyWALL USG 20/20W User's Guide The ZyWALL uses these (in the previous screen. • First / Second DNS Server: These fields ... server's IP address(es). Use up to resolve domain names for VPN, DDNS and the time server. If you do not configure a DNS server, you do not want the connection to an IP address and vice versa. Your ZyWALL accepts CHAP only. • PAP - Chapter 4 Installation Setup Wizard...
User Guide
Page 64
...• Zone This is optional and depends on the interface you selected static IP address assignment. The ZyWALL uses these (in the order you do not want to configure DNS servers. 64 ZyWALL USG 20/20W User's Guide The DNS server is extremely important because without it, you must follow the "c:id...Name System (DNS) maps a domain name to resolve domain names for VPN, DDNS and the time server. Otherwise, type the Idle Timeout in the previous screen. • First / Second DNS Server: These fields display if you are configuring to connect with a modem or router. • Type a Base ...
User Guide
Page 69
In the Web Configurator, click Configuration > Quick Setup to configure a VPN (Virtual Private Network) tunnel for background information. This wizard creates matching ISP account settings in the Web Configurator. This chapter provides information on page 76. See the feature-specific... Section 5.2 on page 70. • VPN SETUP Use VPN SETUP to open a wizard to another computer or network. See Section 5.4 on configuring the quick setup screens in the ZyWALL if you configure Internet and VPN connection settings. ZyWALL USG 20/20W User's Guide 69 CHAPTER 5 Quick Setup ...
User Guide
Page 74
...ZyWALL USG 20/20W User's Guide Figure 37 Interface Wizard: Summary WAN (PPTP Shown) The following table describes the labels in this interface uses to connect to access it . It displays the IP address of a computer before you must know the IP address of a machine in the order you do not configure ...a DNS server, you can access it . Click Next to the previous screen. Server IP This field only appears for mapping a domain name to resolve domain names for VPN, DDNS and the time server. Leave the field as 0.0.0.0 ...
User Guide
Page 75
...with your ISP. Second DNS Server Close Click Close to exit the wizard. 5.3 VPN Quick Setup Click VPN Setup in configuring more VPN connections or other features. Figure 38 VPN Quick Setup Wizard ZyWALL USG 20/20W User's Guide 75 This identifies the interface you specified a connection ID, it displays ...means no timeout. This field displays to which security zone this interface and Internet connection will not time out. Yes means the ZyWALL uses the idle timeout. Chapter 5 Quick Setup Table 12 Interface Wizard: Summary WAN LABEL DESCRIPTION User Name Nailed-Up Idle Timeout...
User Guide
Page 116
Figure 66 VPN Example LAN LAN 116 1.2.3.4 192.168.1.0/24 2.2.2.2 172.16.1.0/24 ZyWALL USG 20/20W User's Guide Chapter 7 Tutorials 3 Select the trunk as the default trunk and click Apply. Figure 65 Configuration > Network > Interface > Trunk 7.4 How to Set Up an IPSec VPN Tunnel This example shows how to use the IPSec VPN configuration screens to create the following VPN tunnel, see Section 5.4 on page 76 for details on the VPN quick setup wizard.
User Guide
Page 615
Remote User Screen Links Available SSL application names are to be able to access. ZyWALL USG 20/20W User's Guide 615 Depending on the application type, remote users can configure the following SSL application on the ZyWALL. • Web-based A web-based application allows remote users to access an intranet site using a ... the name of the local computer, server, or web site SSL users are displayed as links in SSL VPN. You can apply one or more SSL application objects in the VPN > SSL VPN screen for a user account/user group. 41.1.1 What You Can Do in this Chapter • Use...
User Guide
Page 948
Index transport encapsulation 399 tunnel encapsulation 399 VPN gateway 394 IPSec SA active protocol 421 and firewall 376, 733 and to-ZyWALL firewall 733 authentication algorithms 415, 416 authentication key (manual keys) 423 destination NAT ... for outbound traffic 424 status 196 transport mode 422 tunnel mode 422 when IKE SA is disconnected 421 IPSec VPN configuration overview 101 prerequisites 100, 101 see also IPSec troubleshooting 732 tutorial 116 where used 101 ISP account CHAP 613...LDAP load balancing 289 algorithms 290, 294 least load first 290 round robin 295 ZyWALL USG 20/20W User's Guide
User Guide
Page 950
... of feature application 91 OSPF 315 and Ethernet interfaces 224 and RIP 318 and static routes 318 and to -ZyWALL firewall 343 and VoIP pass through 354 and VPN 419 and VPN, see also VPN configuration overview 98 limitations 310 loopback 343 port forwarding, see NAT port translation, see NAT port triggering 310 port triggering... Stubby Area (NSSA) 316 stub areas 316 types of 316 OSPF routers 317 area border (ABR) 317 autonomous system boundary (ASBR) 318 backbone (BR) 318 ZyWALL USG 20/20W User's Guide