User Guide
Page 13
...6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File Manager ...106 6.7.4 Diagnostics ......Configure a Cellular Interface 111 7.3 How to Configure Load Balancing 113 7.3.1 Set Up Available Bandwidth on Ethernet Interfaces 113 7.3.2 Configure the WAN Trunk 114 7.4 How to Set Up an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20...
...6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File Manager ...106 6.7.4 Diagnostics ......Configure a Cellular Interface 111 7.3 How to Configure Load Balancing 113 7.3.1 Set Up Available Bandwidth on Ethernet Interfaces 113 7.3.2 Configure the WAN Trunk 114 7.4 How to Set Up an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20...
User Guide
Page 50
... Configure the default LDAP settings. RADIUS-Default Configure the default RADIUS settings. Certificate My Certificates Create and manage the ZyWALL's certificates. Trusted Certificates Import and manage certificates from trusted sources. SSL Application Create SSL web application objects. 50 ZyWALL USG 20/20W... manage groups of RADIUS servers. Default Active Directory- DNSBL Have the ZyWALL check e-mail against DNS Black Lists. Setting Manage default settings for all users, general settings for user sessions, and rules to identify legitimate e-mail. Auth. Create...
... Configure the default LDAP settings. RADIUS-Default Configure the default RADIUS settings. Certificate My Certificates Create and manage the ZyWALL's certificates. Trusted Certificates Import and manage certificates from trusted sources. SSL Application Create SSL web application objects. 50 ZyWALL USG 20/20W... manage groups of RADIUS servers. Default Active Directory- DNSBL Have the ZyWALL check e-mail against DNS Black Lists. Setting Manage default settings for all users, general settings for user sessions, and rules to identify legitimate e-mail. Auth. Create...
User Guide
Page 51
... server. System Host Name Configure the system and domain name for the ZyWALL. DNS Configure the DNS server and address records for the ZyWALL. SNMP Configure SNMP communities and services. Log & Report Email Daily Report Configure where and how to send... down the ZyWALL. Chapter 3 Web Configurator Table 7 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION Endpoint Security Create Endpoint Security (EPS) objects. ZyWALL USG 20/20W User's Guide 51 USB Storage Configure the settings for the ZyWALL. WWW Service Control Configure HTTP, HTTPS...
... server. System Host Name Configure the system and domain name for the ZyWALL. DNS Configure the DNS server and address records for the ZyWALL. SNMP Configure SNMP communities and services. Log & Report Email Daily Report Configure where and how to send... down the ZyWALL. Chapter 3 Web Configurator Table 7 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION Endpoint Security Create Endpoint Security (EPS) objects. ZyWALL USG 20/20W User's Guide 51 USB Storage Configure the settings for the ZyWALL. WWW Service Control Configure HTTP, HTTPS...
User Guide
Page 74
... address of the PPTP server. 74 ZyWALL USG 20/20W User's Guide Chapter 5 Quick Setup Table 11 WAN and ISP Connection Settings (continued) LABEL DESCRIPTION First DNS Server Second DNS Server These fields only display for VPN, DDNS and the time server. Leave the field as 0.0.0.0 if you do not configure a DNS server, you must know the IP...
... address of the PPTP server. 74 ZyWALL USG 20/20W User's Guide Chapter 5 Quick Setup Table 11 WAN and ISP Connection Settings (continued) LABEL DESCRIPTION First DNS Server Second DNS Server These fields only display for VPN, DDNS and the time server. Leave the field as 0.0.0.0 if you do not configure a DNS server, you must know the IP...
User Guide
Page 75
... disconnects from the PPPoE server. 0 means no timeout. This field displays whether the WAN IP address is Static, these fields display the DNS server IP address(es). This is how many seconds the connection can use later in the main Quick Setup screen to open the VPN ... connection will not time out. The VPN wizard creates corresponding VPN connection and VPN gateway settings and address objects that you configure to connect with your ISP. Click Next. Figure 38 VPN Quick Setup Wizard ZyWALL USG 20/20W User's Guide 75 Chapter 5 Quick Setup Table 12 Interface Wizard: Summary WAN LABEL...
... disconnects from the PPPoE server. 0 means no timeout. This field displays whether the WAN IP address is Static, these fields display the DNS server IP address(es). This is how many seconds the connection can use later in the main Quick Setup screen to open the VPN ... connection will not time out. The VPN wizard creates corresponding VPN connection and VPN gateway settings and address objects that you configure to connect with your ISP. Click Next. Figure 38 VPN Quick Setup Wizard ZyWALL USG 20/20W User's Guide 75 Chapter 5 Quick Setup Table 12 Interface Wizard: Summary WAN LABEL...
User Guide
Page 98
...settings, such as the interface on a private network behind the ZyWALL available outside the private network. When you create a zone, the ZyWALL does not create any firewall rules, or configure remote management for background information. The ZyWALL helps maintain this mapping. The ZyWALL only checks regular (through-ZyWALL...Zone and then the Add icon. 6.5.8 DDNS Dynamic DNS maps a domain name to the ZyWALL. MENU ITEM(S) Configuration > Network > NAT 98 ZyWALL USG 20/20W User's Guide MENU ITEM(S) Configuration > Network > DDNS PREREQUISITES Interface 6.5.9 NAT Use ...
...settings, such as the interface on a private network behind the ZyWALL available outside the private network. When you create a zone, the ZyWALL does not create any firewall rules, or configure remote management for background information. The ZyWALL helps maintain this mapping. The ZyWALL only checks regular (through-ZyWALL...Zone and then the Add icon. 6.5.8 DDNS Dynamic DNS maps a domain name to the ZyWALL. MENU ITEM(S) Configuration > Network > NAT 98 ZyWALL USG 20/20W User's Guide MENU ITEM(S) Configuration > Network > DDNS PREREQUISITES Interface 6.5.9 NAT Use ...
User Guide
Page 101
... 7 on page 107. ZyWALL USG 20/20W User's Guide 101 Make sure each rule is in the correct place in order. The ZyWALL also offers hub-and-spoke VPN. Chapter 6 Configuration Basics 1 Create a VoIP service object for UDP port 5060 traffic (Configuration > Object > Service). 2 Create an address object for assigning to clients, DNS and WINS server addresses...
... 7 on page 107. ZyWALL USG 20/20W User's Guide 101 Make sure each rule is in the correct place in order. The ZyWALL also offers hub-and-spoke VPN. Chapter 6 Configuration Basics 1 Create a VoIP service object for UDP port 5060 traffic (Configuration > Object > Service). 2 Create an address object for assigning to clients, DNS and WINS server addresses...
User Guide
Page 105
... to set which addresses (address objects) the access can be used to configure the HTTP management access. MENU ITEM(S) Configuration > Log & Report ZyWALL USG 20/20W User's Guide 105 Chapter 6 Configuration Basics WHERE USED Policy routes, firewall, content filter, user groups, VPN 6.7 System This section introduces some of the management features in the ZyWALL. MENU ITEM(S) Configuration > System > DNS, WWW...
... to set which addresses (address objects) the access can be used to configure the HTTP management access. MENU ITEM(S) Configuration > Log & Report ZyWALL USG 20/20W User's Guide 105 Chapter 6 Configuration Basics WHERE USED Policy routes, firewall, content filter, user groups, VPN 6.7 System This section introduces some of the management features in the ZyWALL. MENU ITEM(S) Configuration > System > DNS, WWW...
User Guide
Page 205
... General screen to the ZyWALL's configured list of DNSBL domains and did not receive a response in time. This column displays when you display the entries by Sender Mail Address. Occurrence This field displays how many queries that were sent to set whether the ZyWALL forwards or drops sessions...that the ZyWALL has determined to list the top e-mail addresses from the sender. Select Sender Email Address to be spam. It shows the source IP address of e-mails that the ZyWALL has detected. This column displays when you display the entries by Sender IP. ZyWALL USG 20/20W User...
... General screen to the ZyWALL's configured list of DNSBL domains and did not receive a response in time. This column displays when you display the entries by Sender Mail Address. Occurrence This field displays how many queries that were sent to set whether the ZyWALL forwards or drops sessions...that the ZyWALL has determined to list the top e-mail addresses from the sender. Select Sender Email Address to be spam. It shows the source IP address of e-mails that the ZyWALL has detected. This column displays when you display the entries by Sender IP. ZyWALL USG 20/20W User...
User Guide
Page 229
... for the network. In this case, the ZyWALL can allocate 10.10.10.10 to tcp. The DHCP server(s) may be blank. First DNS Server, Second DNS Server, Third DNS Server Specify the IP addresses up to three DNS servers for the first address (network address), ...is a DHCP Relay. ZyWALL USG 20/20W User's Guide 229 These fields appear if the ZyWALL is Internal or General. Chapter 11 Interfaces Table 51 Configuration > Network > Interface > Ethernet > Edit (continued) LABEL Check Port DHCP Setting DESCRIPTION This field only displays when you set the Check Method to 10...
... for the network. In this case, the ZyWALL can allocate 10.10.10.10 to tcp. The DHCP server(s) may be blank. First DNS Server, Second DNS Server, Third DNS Server Specify the IP addresses up to three DNS servers for the first address (network address), ...is a DHCP Relay. ZyWALL USG 20/20W User's Guide 229 These fields appear if the ZyWALL is Internal or General. Chapter 11 Interfaces Table 51 Configuration > Network > Interface > Ethernet > Edit (continued) LABEL Check Port DHCP Setting DESCRIPTION This field only displays when you set the Check Method to 10...
User Guide
Page 255
...Relay - If this interface. DHCP Settings DHCP Select what part of traffic, in the network. DHCP Server - Choices are 0 - 1048576. Type the maximum size of another network. The DHCP server(s) may be on the network. ZyWALL USG 20/20W User's Guide 255 Ingress Bandwidth...Interfaces Table 60 Configuration > Network > Interface > WLAN > Add (No Security) LABEL DESCRIPTION IP Address Enter the IP address for future use. This setting is reserved for this interface. the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to ...
...Relay - If this interface. DHCP Settings DHCP Select what part of traffic, in the network. DHCP Server - Choices are 0 - 1048576. Type the maximum size of another network. The DHCP server(s) may be on the network. ZyWALL USG 20/20W User's Guide 255 Ingress Bandwidth...Interfaces Table 60 Configuration > Network > Interface > WLAN > Add (No Security) LABEL DESCRIPTION IP Address Enter the IP address for future use. This setting is reserved for this interface. the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to ...
User Guide
Page 256
...Setting Enable RIP If this field is a sequential value, and it can use . The ZyWALL provides these IP addresses. select the DNS server that they are currently using the interface's IP Pool Start Address and Pool Size. Select an entry and click this to enable RIP in this interface. 256 ZyWALL USG 20...Security) LABEL DESCRIPTION Pool Size Enter the number of IP addresses to help identify this static DHCP entry. ZyWALL - Configure a list of static IP addresses the ZyWALL assigns to computers connected to create a new entry. Click this to specify these IP addresses to a ...
...Setting Enable RIP If this field is a sequential value, and it can use . The ZyWALL provides these IP addresses. select the DNS server that they are currently using the interface's IP Pool Start Address and Pool Size. Select an entry and click this to enable RIP in this interface. 256 ZyWALL USG 20...Security) LABEL DESCRIPTION Pool Size Enter the number of IP addresses to help identify this static DHCP entry. ZyWALL - Configure a list of static IP addresses the ZyWALL assigns to computers connected to create a new entry. Click this to specify these IP addresses to a ...
User Guide
Page 280
... and DNS server information to the network. The ZyWALL sends packets to the gateway when it into smaller fragments. If two or more gateways have the same priority, the ZyWALL uses the one or more DHCP servers you can move through the interface. Related Setting Configure WAN TRUNK Configure Policy.... 280 ZyWALL USG 20/20W User's Guide the ZyWALL does not provide any ) on the same network as part of traffic, in kilobits per second, the ZyWALL can send through the interface to the screen where you specify. Enter the IP address of traffic, in bytes, that was configured first....
... and DNS server information to the network. The ZyWALL sends packets to the gateway when it into smaller fragments. If two or more gateways have the same priority, the ZyWALL uses the one or more DHCP servers you can move through the interface. Related Setting Configure WAN TRUNK Configure Policy.... 280 ZyWALL USG 20/20W User's Guide the ZyWALL does not provide any ) on the same network as part of traffic, in kilobits per second, the ZyWALL can send through the interface to the screen where you specify. Enter the IP address of traffic, in bytes, that was configured first....
User Guide
Page 286
... be a DHCP relay or a DHCP server. DHCP Settings Dynamic Host Configuration Protocol (DHCP, RFC 2131, RFC 2132) provides a way to automatically set the bandwidth restrictions very high, you effectively remove the restrictions. In the ZyWALL, some interfaces can assign its IP address to another ...server. and provide the IP address, subnet mask, gateway, and available network information to DHCP clients. 286 ZyWALL USG 20/20W User's Guide The maximum number of DNS servers) on different networks. In this case, the interface can specify more efficiently. The smaller the MTU...
... be a DHCP relay or a DHCP server. DHCP Settings Dynamic Host Configuration Protocol (DHCP, RFC 2131, RFC 2132) provides a way to automatically set the bandwidth restrictions very high, you effectively remove the restrictions. In the ZyWALL, some interfaces can assign its IP address to another ...server. and provide the IP address, subnet mask, gateway, and available network information to DHCP clients. 286 ZyWALL USG 20/20W User's Guide The maximum number of DNS servers) on different networks. In this case, the interface can specify more efficiently. The smaller the MTU...
User Guide
Page 331
... domain name to a dynamic IP address. Note: You must set up a dynamic DNS account with the ZyWALL. See the listed websites for details about the DNS services offered by each. You must have a public WAN IP address to edit the configuration of the current IP address. As a result, anyone can... SERVICE TYPES SUPPORTED WEBSITE DynDNS Dynamic DNS, Static DNS, and Custom DNS www.dyndns.com Dynu Basic, Premium www.dynu.com No-IP No-IP www.no-ip.com Peanut Hull Peanut Hull www.oray.cn 3322 3322 Dynamic DNS, 3322 Static DNS www.3322.org ZyWALL USG 20/20W User's Guide 331
... domain name to a dynamic IP address. Note: You must set up a dynamic DNS account with the ZyWALL. See the listed websites for details about the DNS services offered by each. You must have a public WAN IP address to edit the configuration of the current IP address. As a result, anyone can... SERVICE TYPES SUPPORTED WEBSITE DynDNS Dynamic DNS, Static DNS, and Custom DNS www.dyndns.com Dynu Basic, Premium www.dynu.com No-IP No-IP www.no-ip.com Peanut Hull Peanut Hull www.oray.cn 3322 3322 Dynamic DNS, 3322 Static DNS www.3322.org ZyWALL USG 20/20W User's Guide 331
User Guide
Page 334
... The Dynamic DNS Add/Edit Screen The DDNS Add/Edit screen allows you to add a domain name to the ZyWALL or to edit the configuration of configuration fields. Table 93 Configuration > Network > DDNS > Add LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this ...button to open this DDNS entry in this DDNS entry. Profile Profile Name When you are using. 334 ZyWALL USG 20/20W...
... The Dynamic DNS Add/Edit Screen The DDNS Add/Edit screen allows you to add a domain name to the ZyWALL or to edit the configuration of configuration fields. Table 93 Configuration > Network > DDNS > Add LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this ...button to open this DDNS entry in this DDNS entry. Profile Profile Name When you are using. 334 ZyWALL USG 20/20W...
User Guide
Page 368
...service that you want to remove from the member list, and click the left . Keeping DNS as a member allows users' computers to remove it or them. Policy > Add Exceptional Service...on an entry, select it and click Edit to add them . Figure 223 Configuration > Auth. To remove an entry, select it and click Inactivate. In the field that ...settings. Double-click an entry or select it and click Activate. A screen appears. To turn off an entry, select it and click Remove. Use this table to create a new entry after the selected entry. To move the interface. ZyWALL USG 20...
...service that you want to remove from the member list, and click the left . Keeping DNS as a member allows users' computers to remove it or them. Policy > Add Exceptional Service...on an entry, select it and click Edit to add them . Figure 223 Configuration > Auth. To remove an entry, select it and click Inactivate. In the field that ...settings. Double-click an entry or select it and click Activate. A screen appears. To turn off an entry, select it and click Remove. Use this table to create a new entry after the selected entry. To move the interface. ZyWALL USG 20...
User Guide
Page 375
... going to the firewall rule, the user can configure a To-ZyWALL firewall rule (with from an interface which is activated whenever the user logs in the rule. ZyWALL USG 20/20W User's Guide 375 Chapter 22 Firewall To-ZyWALL Rules Rules with ZyWALL as the packet direction are the only firewall rules... that apply to an interface or VPN tunnel that is not included in to the ZyWALL, you can set up a rule based on...
... going to the firewall rule, the user can configure a To-ZyWALL firewall rule (with from an interface which is activated whenever the user logs in the rule. ZyWALL USG 20/20W User's Guide 375 Chapter 22 Firewall To-ZyWALL Rules Rules with ZyWALL as the packet direction are the only firewall rules... that apply to an interface or VPN tunnel that is not included in to the ZyWALL, you can set up a rule based on...
User Guide
Page 629
...access and from which IP addresses the access can upload and download the ZyWALL's firmware and configuration files using a terminal emulation program. • Use the System > DNS screen (see Section 43.6 on page 636) to configure the DNS (Domain Name System) server used for mapping a domain name to its... 43.7 on page 644) to configure settings for HTTP or HTTPS access to the ZyWALL and how the login and access user screens look. • Use the System > SSH screen (see Section 43.8 on page 661) to configure SSH (Secure SHell) used to access the ZyWALL. ZyWALL USG 20/20W User's Guide 629
...access and from which IP addresses the access can upload and download the ZyWALL's firmware and configuration files using a terminal emulation program. • Use the System > DNS screen (see Section 43.6 on page 636) to configure the DNS (Domain Name System) server used for mapping a domain name to its... 43.7 on page 644) to configure settings for HTTP or HTTPS access to the ZyWALL and how the login and access user screens look. • Use the System > SSH screen (see Section 43.8 on page 661) to configure SSH (Secure SHell) used to access the ZyWALL. ZyWALL USG 20/20W User's Guide 629
User Guide
Page 637
... the ISP. • You can also configure the ZyWALL to accept or discard DNS queries. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields. • If your ZyWALL's DNS settings. Use the DNS screen to configure the ZyWALL to use a DNS server to the specified DHCP client devices. Figure 372 Configuration > System > DNS ZyWALL USG 20/20W User's Guide 637
... the ISP. • You can also configure the ZyWALL to accept or discard DNS queries. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields. • If your ZyWALL's DNS settings. Use the DNS screen to configure the ZyWALL to use a DNS server to the specified DHCP client devices. Figure 372 Configuration > System > DNS ZyWALL USG 20/20W User's Guide 637
