User Guide
Page 3
...Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. Note: It is recommended you require. E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, ...User's Guide Intended Audience This manual is intended for people who want to want more detailed information than what the real time online help provides. • It is highly recommended you read Chapter 7 on that menu item. • To find the information you use the Web Configurator to configure the ZyWALL. ZyWALL USG 20/20W User's Guide...
...Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. Note: It is recommended you require. E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, ...User's Guide Intended Audience This manual is intended for people who want to want more detailed information than what the real time online help provides. • It is highly recommended you read Chapter 7 on that menu item. • To find the information you use the Web Configurator to configure the ZyWALL. ZyWALL USG 20/20W User's Guide...
User Guide
Page 4
... product. • Knowledge Base If you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw Need More Help? This is available at www.zyxel.com. • Download Library Search for improvement to the following...
... product. • Knowledge Base If you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw Need More Help? This is available at www.zyxel.com. • Download Library Search for improvement to the following...
User Guide
Page 5
... system versions, or if you took to ensure that the information in this book may differ slightly from others who use ZyXEL products and share your experiences as well. Customer Support Should problems arise that you received your device. • Brief description... About This User's Guide • Forum This contains discussions on ZyXEL products. Disclaimer Graphics in this manual is accurate. Learn from the product due to differences in which you should contact your device. See http://www.zyxel.com/web/contact_us.php for your vendor. ZyWALL USG 20/20W User's Guide 5 Every...
... system versions, or if you took to ensure that the information in this book may differ slightly from others who use ZyXEL products and share your experiences as well. Customer Support Should problems arise that you received your device. • Brief description... About This User's Guide • Forum This contains discussions on ZyXEL products. Disclaimer Graphics in this manual is accurate. Learn from the product due to differences in which you should contact your device. See http://www.zyxel.com/web/contact_us.php for your vendor. ZyWALL USG 20/20W User's Guide 5 Every...
User Guide
Page 6
... angle bracket ( > ) within a screen name denotes a mouse click. Syntax Conventions • The ZyWALL may be referred to as the "ZyWALL", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are shown in bold font. ...use one or more characters and then press the [ENTER] key. "Select" or "choose" means for example, other words". 6 ZyWALL USG 20/20W User's Guide For example, Maintenance > Log > Log Setting means you to configure or helpful tips) or recommendations. Note: Notes tell you other ...
... angle bracket ( > ) within a screen name denotes a mouse click. Syntax Conventions • The ZyWALL may be referred to as the "ZyWALL", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are shown in bold font. ...use one or more characters and then press the [ENTER] key. "Select" or "choose" means for example, other words". 6 ZyWALL USG 20/20W User's Guide For example, Maintenance > Log > Log Setting means you to configure or helpful tips) or recommendations. Note: Notes tell you other ...
User Guide
Page 7
Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 20/20W User's Guide 7
Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 20/20W User's Guide 7
User Guide
Page 8
... to the right supply voltage (for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be treated separately. 8 ZyWALL USG 20/20W User's Guide always attach the plug to the power adaptor first before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord for your device...
... to the right supply voltage (for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be treated separately. 8 ZyWALL USG 20/20W User's Guide always attach the plug to the power adaptor first before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord for your device...
User Guide
Page 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...Binding ...359 Authentication Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...Binding ...359 Authentication Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
User Guide
Page 10
Contents Overview Schedules ...567 AAA Server ...573 Authentication Method ...583 Certificates ...589 ISP Accounts ...611 SSL Application ...615 Endpoint Security ...621 System ...629 Log and Report ...679 File Manager ...693 Diagnostics ...705 Packet Flow Explore ...715 Reboot ...723 Shutdown ...725 Troubleshooting ...727 Product Specifications ...741 10 ZyWALL USG 20/20W User's Guide
Contents Overview Schedules ...567 AAA Server ...573 Authentication Method ...583 Certificates ...589 ISP Accounts ...611 SSL Application ...615 Endpoint Security ...621 System ...629 Log and Report ...679 File Manager ...693 Diagnostics ...705 Packet Flow Explore ...715 Reboot ...723 Shutdown ...725 Troubleshooting ...727 Product Specifications ...741 10 ZyWALL USG 20/20W User's Guide
User Guide
Page 11
... Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User's Guide 11
... Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User's Guide 11
User Guide
Page 12
... 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide Summary 79 5.5.3 VPN Express Wizard - Finish 80 5.5.4 VPN Advanced Wizard - Summary 85 5.5.8 VPN Advanced Wizard - Table of Contents Chapter 4 Installation Setup Wizard ...59 4.1 Installation Setup ...
... 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide Summary 79 5.5.3 VPN Express Wizard - Finish 80 5.5.4 VPN Advanced Wizard - Summary 85 5.5.8 VPN Advanced Wizard - Table of Contents Chapter 4 Installation Setup Wizard ...59 4.1 Installation Setup ...
User Guide
Page 13
... 6.5.14 IPSec VPN ...101 6.5.15 SSL VPN ...101 6.5.16 Bandwidth Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File Manager ...106 6.7.4 Diagnostics ...106 6.7.5 Shutdown ...106 Chapter... an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13
... 6.5.14 IPSec VPN ...101 6.5.15 SSL VPN ...101 6.5.16 Bandwidth Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File Manager ...106 6.7.4 Diagnostics ...106 6.7.5 Shutdown ...106 Chapter... an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13
User Guide
Page 14
....1 Create the Public IP Address Range Object 145 7.12.2 Configure the Policy Route 146 7.13 How to Set Up a Wireless LAN 146 7.13.1 Set Up User Accounts 147 7.13.2 Create the WLAN Interface 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163... 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
....1 Create the Public IP Address Range Object 145 7.12.2 Configure the Policy Route 146 7.13 How to Set Up a Wireless LAN 146 7.13.1 Set Up User Accounts 147 7.13.2 Create the WLAN Interface 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163... 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
User Guide
Page 15
...Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in this Chapter 177 9.2 The Port... 183 9.5 The Session Monitor Screen 186 9.6 The DDNS Status Screen 189 9.7 IP/MAC Binding Monitor ...189 9.8 The Login Users Screen 190 9.9 WLAN Status Screen ...191 9.10 The following table describes the labels in this menu.Cellular Status Screen 192 9....You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
...Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in this Chapter 177 9.2 The Port... 183 9.5 The Session Monitor Screen 186 9.6 The DDNS Status Screen 189 9.7 IP/MAC Binding Monitor ...189 9.8 The Login Users Screen 190 9.9 WLAN Status Screen ...191 9.10 The following table describes the labels in this menu.Cellular Status Screen 192 9....You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
User Guide
Page 16
....2.1 Policy Route Edit Screen 303 13.3 IP Static Route Screen ...307 13.3.1 Static Route Add/Edit Screen 308 13.4 Policy Routing Technical Reference 309 16 ZyWALL USG 20/20W User's Guide
....2.1 Policy Route Edit Screen 303 13.3 IP Static Route Screen ...307 13.3.1 Static Route Add/Edit Screen 308 13.4 Policy Routing Technical Reference 309 16 ZyWALL USG 20/20W User's Guide
User Guide
Page 17
... 18.1 Overview ...347 18.1.1 What You Can Do in this Chapter 347 18.1.2 What You Need to Know 348 18.2 The HTTP Redirect Screen 349 ZyWALL USG 20/20W User's Guide 17
... 18.1 Overview ...347 18.1.1 What You Can Do in this Chapter 347 18.1.2 What You Need to Know 348 18.2 The HTTP Redirect Screen 349 ZyWALL USG 20/20W User's Guide 17
User Guide
Page 18
... 19.3 ALG Technical Reference 357 Chapter 20 IP/MAC Binding ...359 20.1 IP/MAC Binding Overview 359 20.1.1 What You Can Do in this Chapter 359 20.1.2 What You Need to Know 360 20.2 IP/MAC Binding Summary 360 20.2.1 IP/MAC Binding Edit 361 20.2.2 Static DHCP Edit ...362 20.3 IP/MAC Binding Exempt List 363 Chapter... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
... 19.3 ALG Technical Reference 357 Chapter 20 IP/MAC Binding ...359 20.1 IP/MAC Binding Overview 359 20.1.1 What You Can Do in this Chapter 359 20.1.2 What You Need to Know 360 20.2 IP/MAC Binding Summary 360 20.2.1 IP/MAC Binding Edit 361 20.2.2 Static DHCP Edit ...362 20.3 IP/MAC Binding Exempt List 363 Chapter... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
User Guide
Page 19
...25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens ...Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide...
...25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens ...Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide...
User Guide
Page 20
Table of Contents 27.6 Uninstalling the ZyWALL SecuExtender 452 Chapter 28 Bandwidth Management...453 28.1 Overview ...453 28.1.1 What You Can Do in this Chapter 453 28.1.2 What You Need to Know ....5.1 Content Filter Blocked and Warning Messages 508 30.6 Content Filter Customization Screen 508 30.7 Content Filter Technical Reference 511 Chapter 31 Content Filter Reports ...513 20 ZyWALL USG 20/20W User's Guide
Table of Contents 27.6 Uninstalling the ZyWALL SecuExtender 452 Chapter 28 Bandwidth Management...453 28.1 Overview ...453 28.1.1 What You Can Do in this Chapter 453 28.1.2 What You Need to Know ....5.1 Content Filter Blocked and Warning Messages 508 30.6 Content Filter Customization Screen 508 30.7 Content Filter Technical Reference 511 Chapter 31 Content Filter Reports ...513 20 ZyWALL USG 20/20W User's Guide
User Guide
Page 21
... List Screen 531 32.6 The DNSBL Screen ...532 32.7 Anti-Spam Technical Reference 534 Chapter 33 User/Group ...539 33.1 Overview ...539 33.1.1 What You Can Do in this Chapter 539 33.1.2 What You Need ...545 33.3.1 Group Add/Edit Screen 546 33.4 Setting Screen ...547 33.4.1 Default User Authentication Timeout Settings Edit Screens 550 33.4.2 User Aware Login Example 552 33.5 User /Group Technical Reference 553 Chapter 34 Addresses...555 34.1 Overview ...555 34.1.1 What...Summary Screen 558 34.3.1 Address Group Add/Edit Screen 559 Chapter 35 Services ...561 ZyWALL USG 20/20W User's Guide 21
... List Screen 531 32.6 The DNSBL Screen ...532 32.7 Anti-Spam Technical Reference 534 Chapter 33 User/Group ...539 33.1 Overview ...539 33.1.1 What You Can Do in this Chapter 539 33.1.2 What You Need ...545 33.3.1 Group Add/Edit Screen 546 33.4 Setting Screen ...547 33.4.1 Default User Authentication Timeout Settings Edit Screens 550 33.4.2 User Aware Login Example 552 33.5 User /Group Technical Reference 553 Chapter 34 Addresses...555 34.1 Overview ...555 34.1.1 What...Summary Screen 558 34.3.1 Address Group Add/Edit Screen 559 Chapter 35 Services ...561 ZyWALL USG 20/20W User's Guide 21
User Guide
Page 22
... 584 38.2.1 Creating an Authentication Method Object 585 Chapter 39 Certificates ...589 39.1 Overview ...589 39.1.1 What You Can Do in this Chapter 589 22 ZyWALL USG 20/20W User's Guide
... 584 38.2.1 Creating an Authentication Method Object 585 Chapter 39 Certificates ...589 39.1 Overview ...589 39.1.1 What You Can Do in this Chapter 589 22 ZyWALL USG 20/20W User's Guide