User Guide
Page 2
... explains how to use the Web Configurator to ensure that screen and supplementary information. 2 UAG715 User's Guide Every effort has been made to configure the UAG. • Web Configurator Online Help Click the help icon in this manual is accurate. Related Documentation • Quick Start Guide The Quick Start Guide shows how...
... explains how to use the Web Configurator to ensure that screen and supplementary information. 2 UAG715 User's Guide Every effort has been made to configure the UAG. • Web Configurator Online Help Click the help icon in this manual is accurate. Related Documentation • Quick Start Guide The Quick Start Guide shows how...
User Guide
Page 11
....1.3 Before You Begin ...256 22.2 The VPN Connection Screen ...256 22.2.1 The VPN Connection Add/Edit (IKE) Screen 257 22.2.2 The VPN Connection Add/Edit Manual Key Screen 263 22.3 The VPN Gateway Screen ...265 22.3.1 The VPN Gateway Add/Edit Screen 266 22.4 IPSec VPN Background Information 272 Chapter 23... Connection ...305 25.6 Uninstalling the ZyWALL SecuExtender 305 Chapter 26 Bandwidth Management...307 26.1 Overview ...307 26.1.1 What You Can Do in this Chapter 307 UAG715 User's Guide 11
....1.3 Before You Begin ...256 22.2 The VPN Connection Screen ...256 22.2.1 The VPN Connection Add/Edit (IKE) Screen 257 22.2.2 The VPN Connection Add/Edit Manual Key Screen 263 22.3 The VPN Gateway Screen ...265 22.3.1 The VPN Gateway Add/Edit Screen 266 22.4 IPSec VPN Background Information 272 Chapter 23... Connection ...305 25.6 Uninstalling the ZyWALL SecuExtender 305 Chapter 26 Bandwidth Management...307 26.1 Overview ...307 26.1.1 What You Can Do in this Chapter 307 UAG715 User's Guide 11
User Guide
Page 78
... Web sites and the number of times each one You use the Traffic Statistics screen to tell the UAG when to stop it manually in the onesecond interval before the screen updated. you have to start and when to start and stop collecting information for more information...since it was last connected. Please see Table 22 on page 79 for these reports. Figure 60 Monitor > System Status > Traffic Statistics 78 UAG715 User's Guide Chapter 6 Monitor Table 21 Monitor > System Status > Interface Status (continued) LABEL DESCRIPTION TxPkts This field displays the number of packets...
... Web sites and the number of times each one You use the Traffic Statistics screen to tell the UAG when to stop it manually in the onesecond interval before the screen updated. you have to start and when to start and stop collecting information for more information...since it was last connected. Please see Table 22 on page 79 for these reports. Figure 60 Monitor > System Status > Traffic Statistics 78 UAG715 User's Guide Chapter 6 Monitor Table 21 Monitor > System Status > Interface Status (continued) LABEL DESCRIPTION TxPkts This field displays the number of packets...
User Guide
Page 85
...storage device. the USB device is not supported (unknown) by the UAG, such as NTFS. Unused - the connected USB storage device was manually unmounted by using the USB storage device so you can remove it . This button is grayed out if the file system is operating normally or...open the following table describes the labels in this threshold). Mounting - the use the USB storage device. the UAG is mounting the USB storage device. UAG715 User's Guide 85 Ready - Click Remove Now to which the UAG applied a VPN 1-1 mapping rule. Detail none - no USB storage device is ...
...storage device. the USB device is not supported (unknown) by the UAG, such as NTFS. Unused - the connected USB storage device was manually unmounted by using the USB storage device so you can remove it . This button is grayed out if the file system is operating normally or...open the following table describes the labels in this threshold). Mounting - the use the USB storage device. the UAG is mounting the USB storage device. UAG715 User's Guide 85 Ready - Click Remove Now to which the UAG applied a VPN 1-1 mapping rule. Detail none - no USB storage device is ...
User Guide
Page 88
.... For example, use "*abc" (without the quotation marks) to navigate the pages of entries. This field displays N/A if the IPSec SA uses manual keys. A * in the SA. The whole VPN connection or policy name has to match if you want to specify any type) of characters ... disconnects the IPSec SA. Timeout This field displays how many entries you do the following: • View a list of active SSL VPN connections. 88 UAG715 User's Guide For example, use "a?c" (without the quotation marks) to display on . A VPN connection or policy name named "testacc" for this screen...
.... For example, use "*abc" (without the quotation marks) to navigate the pages of entries. This field displays N/A if the IPSec SA uses manual keys. A * in the SA. The whole VPN connection or policy name has to match if you want to specify any type) of characters ... disconnects the IPSec SA. Timeout This field displays how many entries you do the following: • View a list of active SSL VPN connections. 88 UAG715 User's Guide For example, use "a?c" (without the quotation marks) to display on . A VPN connection or policy name named "testacc" for this screen...
User Guide
Page 92
.... Select one or more URL entries and click Delete to the web site's URL was allowed before the URL entry is discarded from the cache manually. Point the triangle down to display the URLs to which access was blocked or allowed. Table 34 Monitor > Anti-X > Content Filter > Cache LABEL URL ...external content filtering database. URL Remaining Time (minutes) URL Cache Setup Click the column heading to clear all web site addresses from the cache. 92 UAG715 User's Guide Click this button to sort the entries. This is the number of minutes left before the blocked URLs.
.... Select one or more URL entries and click Delete to the web site's URL was allowed before the URL entry is discarded from the cache manually. Point the triangle down to display the URLs to which access was blocked or allowed. Table 34 Monitor > Anti-X > Content Filter > Cache LABEL URL ...external content filtering database. URL Remaining Time (minutes) URL Cache Setup Click the column heading to clear all web site addresses from the cache. 92 UAG715 User's Guide Click this button to sort the entries. This is the number of minutes left before the blocked URLs.
User Guide
Page 111
... the network connected to a local network. You use . The subnet mask indicates what part of the gateway. The lower the number, the higher the priority. UAG715 User's Guide 111 You can be up to change this interface. If you may also need to 60 characters long. Clear this to specify the... IP address, subnet mask, and gateway manually. Enter the IP address of the IP address is the same for the interface. Enter the priority of your LAN interface, you want to disable...
... the network connected to a local network. You use . The subnet mask indicates what part of the gateway. The lower the number, the higher the priority. UAG715 User's Guide 111 You can be up to change this interface. If you may also need to 60 characters long. Clear this to specify the... IP address, subnet mask, and gateway manually. Enter the IP address of the IP address is the same for the interface. Enter the priority of your LAN interface, you want to disable...
User Guide
Page 113
... a log if a device connected to this interface enforce links between specific IP addresses and specific MAC addresses. This stops anyone else from manually using the interface's IP Pool Start Address and Pool Size. Configure a list of static IP addresses the UAG assigns to computers connected to... this entry's MAC address. Click this to assign this to 60 characters long. UAG715 User's Guide 113 Custom Defined - The WINS server keeps a mapping table of the computer names on your network and the IP addresses ...
... a log if a device connected to this interface enforce links between specific IP addresses and specific MAC addresses. This stops anyone else from manually using the interface's IP Pool Start Address and Pool Size. Configure a list of static IP addresses the UAG assigns to computers connected to... this entry's MAC address. Click this to assign this to 60 characters long. UAG715 User's Guide 113 Custom Defined - The WINS server keeps a mapping table of the computer names on your network and the IP addresses ...
User Guide
Page 114
...Authentication is enabled. Select this interface only receives routing information. Either enter the MAC address in which this screen without saving. 114 UAG715 User's Guide Click PPPoE/PPTP if this interface. The highest-priority interface identifies the DR, and the second-highest-priority interface identifies... Set the priority to zero if the interface can be up to have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of the device or computer whose MAC you are 1, 2, and 1 and 2. Select ...
...Authentication is enabled. Select this interface only receives routing information. Either enter the MAC address in which this screen without saving. 114 UAG715 User's Guide Click PPPoE/PPTP if this interface. The highest-priority interface identifies the DR, and the second-highest-priority interface identifies... Set the priority to zero if the interface can be up to have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of the device or computer whose MAC you are 1, 2, and 1 and 2. Select ...
User Guide
Page 117
.... This field displays the ISP account used by this to open a screen where you can create (and delete) User Configuration PPP interfaces. UAG715 User's Guide 117 To disconnect an interface, select it and click Activate. This field displays the name of which settings use this in testing...an entry or select it before you configure a PPPoE or PPTP interface. The UAG confirms you want to remove it and click Edit to manually establish the connection for an example. To connect an interface, select it is disconnected. You might use the entry. The activate (light bulb...
.... This field displays the ISP account used by this to open a screen where you can create (and delete) User Configuration PPP interfaces. UAG715 User's Guide 117 To disconnect an interface, select it and click Activate. This field displays the name of which settings use this in testing...an entry or select it before you configure a PPPoE or PPTP interface. The UAG confirms you want to remove it and click Edit to manually establish the connection for an example. To connect an interface, select it is disconnected. You might use the entry. The activate (light bulb...
User Guide
Page 119
... > Add LABEL DESCRIPTION Show Advanced Settings / Hide Advanced Settings Click this button to display a greater or lesser number of this to specify the IP address manually. Clear this interface. It can use alphanumeric and characters, and it costs money to keep the connection available. Select this PPPoE/PPTP interface uses. The... case, the DHCP server configures the IP address automatically. In this interface. The subnet mask and gateway are always defined automatically in PPPoE/PPTP interfaces. UAG715 User's Guide 119
... > Add LABEL DESCRIPTION Show Advanced Settings / Hide Advanced Settings Click this button to display a greater or lesser number of this to specify the IP address manually. Clear this interface. It can use alphanumeric and characters, and it costs money to keep the connection available. Select this PPPoE/PPTP interface uses. The... case, the DHCP server configures the IP address automatically. In this interface. The subnet mask and gateway are always defined automatically in PPPoE/PPTP interfaces. UAG715 User's Guide 119
User Guide
Page 120
... Check Default Gateway Check this to turn on the same network as part of seconds between connection check attempts. Select this interface. 120 UAG715 User's Guide Select icmp to have the same priority, the UAG uses the one that can receive from the network through the gateway.... to make sure it is still available. Select the method that domain name or IP address in kilobits per second, the UAG can manually configure a policy route to associate traffic with the gateway you specify to make sure it is still available. Enter the number of traffic...
... Check Default Gateway Check this to turn on the same network as part of seconds between connection check attempts. Select this interface. 120 UAG715 User's Guide Select icmp to have the same priority, the UAG uses the one that can receive from the network through the gateway.... to make sure it is still available. Select the method that domain name or IP address in kilobits per second, the UAG can manually configure a policy route to associate traffic with the gateway you specify to make sure it is still available. Enter the number of traffic...
User Guide
Page 125
...interface. Select this interface. Gateway Enter the subnet mask of traffic, in bytes, that was configured first. Allowed values are 0 - 1048576. UAG715 User's Guide 125 Table 46 Configuration > Network > Interface > VLAN > Edit LABEL Show Advanced Settings / Hide Advanced Settings General Settings Enable ... if you select Use Fixed IP Address. The UAG decides which gateway to specify the IP address, subnet mask, and gateway manually. Enter the maximum amount of configuration fields. Maximum Transmission Unit. Usually, this interface. You can be on the model. This...
...interface. Select this interface. Gateway Enter the subnet mask of traffic, in bytes, that was configured first. Allowed values are 0 - 1048576. UAG715 User's Guide 125 Table 46 Configuration > Network > Interface > VLAN > Edit LABEL Show Advanced Settings / Hide Advanced Settings General Settings Enable ... if you select Use Fixed IP Address. The UAG decides which gateway to specify the IP address, subnet mask, and gateway manually. Enter the maximum amount of configuration fields. Maximum Transmission Unit. Usually, this interface. You can be on the model. This...
User Guide
Page 127
From ISP - the DHCP clients use the IP address of this interface. This stops anyone else from manually using subnet broadcasting; Click this entry's MAC address. Enter the IP address to assign to another device's MAC address. See Section 11.2...This field is a sequential value, and it is bound to a device with a specific entry. BiDir - This field is effective when RIP is enabled. UAG715 User's Guide 127 select this VLAN attempts to create a new entry. Enter a description to assign this static DHCP entry. This interface receives routing information. ...
From ISP - the DHCP clients use the IP address of this interface. This stops anyone else from manually using subnet broadcasting; Click this entry's MAC address. Enter the IP address to assign to another device's MAC address. See Section 11.2...This field is a sequential value, and it is bound to a device with a specific entry. BiDir - This field is effective when RIP is enabled. UAG715 User's Guide 127 select this VLAN attempts to create a new entry. Enter a description to assign this static DHCP entry. This interface receives routing information. ...
User Guide
Page 128
...can consist of alphanumeric characters and the underscore, and it can not be up to associate traffic with peer border routers, you can manually configure a policy route to 16 characters long. Type the ID for MD5 authentication. The ID can be the DR or BDR. ... WAN_TRUNK Configure Policy Route OK Cancel MD5 - Select an authentication method, or disable authentication. Type the password for bridge interfaces. 128 UAG715 User's Guide The highest-priority interface identifies the DR, and the second-highest-priority interface identifies the BDR. Set the priority to ...
...can consist of alphanumeric characters and the underscore, and it can not be up to associate traffic with peer border routers, you can manually configure a policy route to 16 characters long. Type the ID for MD5 authentication. The ID can be the DR or BDR. ... WAN_TRUNK Configure Policy Route OK Cancel MD5 - Select an authentication method, or disable authentication. Type the password for bridge interfaces. 128 UAG715 User's Guide The highest-priority interface identifies the DR, and the second-highest-priority interface identifies the BDR. Set the priority to ...
User Guide
Page 133
Clear this to enable this interface. Enter a description of the bridge interface. This field displays the interfaces that can become part of this button to belong. It is not used in the table below. An interface is not available in the following situations: Member IP Address Assignment Get Automatically Use Fixed IP Address IP Address • There is a virtual interface on . Select this to disable this interface. This field is read-only if you are part of it • It is already used elsewhere. For example, br0, br3, and so on top of the bridge interface. You ...
Clear this to enable this interface. Enter a description of the bridge interface. This field displays the interfaces that can become part of this button to belong. It is not used in the table below. An interface is not available in the following situations: Member IP Address Assignment Get Automatically Use Fixed IP Address IP Address • There is a virtual interface on . Select this to disable this interface. This field is read-only if you are part of it • It is already used elsewhere. For example, br0, br3, and so on top of the bridge interface. You ...
User Guide
Page 135
... are required before the attempt is not associated with this if IP addresses never expire Enable IP/MAC Binding Enable Logs for the connectivity check. UAG715 User's Guide 135 Chapter 8 Interfaces Table 51 Configuration > Network > Interface > Bridge > Edit (continued) LABEL Lease time DESCRIPTION Specify how ...the gateway allows. Use this to make sure it is still available. select this entry's MAC address. This stops anyone else from manually using the interface's IP Pool Start Address and Pool Size. Enter the MAC address to which to the gateway. You can use specific...
... are required before the attempt is not associated with this if IP addresses never expire Enable IP/MAC Binding Enable Logs for the connectivity check. UAG715 User's Guide 135 Chapter 8 Interfaces Table 51 Configuration > Network > Interface > Bridge > Edit (continued) LABEL Lease time DESCRIPTION Specify how ...the gateway allows. Use this to make sure it is still available. select this entry's MAC address. This stops anyone else from manually using the interface's IP Pool Start Address and Pool Size. Enter the MAC address to which to the gateway. You can use specific...
User Guide
Page 136
...> Network > Interface > Bridge > Edit (continued) LABEL DESCRIPTION Configure Policy Click Policy Route to go to the screen where you can manually configure a policy route Route to route packets. Cancel Click Cancel to exit this screen without saving. 8.7 Virtual Interfaces Use virtual interfaces to ...be created on page 253). virtual interfaces cannot be DHCP clients. Figure 90 Configuration > Network > Interface > Create Virtual Interface 136 UAG715 User's Guide Network policies (for virtual interfaces. OK Click OK to save your changes back to the virtual interface as well. ...
...> Network > Interface > Bridge > Edit (continued) LABEL DESCRIPTION Configure Policy Click Policy Route to go to the screen where you can manually configure a policy route Route to route packets. Cancel Click Cancel to exit this screen without saving. 8.7 Virtual Interfaces Use virtual interfaces to ...be created on page 253). virtual interfaces cannot be DHCP clients. Figure 90 Configuration > Network > Interface > Create Virtual Interface 136 UAG715 User's Guide Network policies (for virtual interfaces. OK Click OK to save your changes back to the virtual interface as well. ...
User Guide
Page 138
...). In this case, the interface is dropped. For example, if there is an optional setting for this to assign the IP address and subnet mask manually. Table 54 Example: Routing Table Entry for a Gateway IP ADDRESS(ES) DESTINATION 0.0.0.0/0 200.200.200.100 The gateway is a default router at 200....200.200.100, you can specify it might not find any . 138 UAG715 User's Guide In this packet, you should send this case, the UAG creates the following entry in the routing table. In PPPoE/PPTP interfaces, the...
...). In this case, the interface is dropped. For example, if there is an optional setting for this to assign the IP address and subnet mask manually. Table 54 Example: Routing Table Entry for a Gateway IP ADDRESS(ES) DESTINATION 0.0.0.0/0 200.200.200.100 The gateway is a default router at 200....200.200.100, you can specify it might not find any . 138 UAG715 User's Guide In this packet, you should send this case, the UAG creates the following entry in the routing table. In PPPoE/PPTP interfaces, the...
User Guide
Page 139
... to be a DHCP relay or a DHCP server. In DHCP, every network has at least one DHCP server. assign an IP address; UAG715 User's Guide 139 Each fragment is sent separately, and the original packet is called the maximum transmission unit (MTU). The maximum number of ...DHCP relay, the interface routes DHCP requests to all of writing, the UAG does not support ingress bandwidth management. This reduces the amount of manual configuration you set up and maintain IP addresses, subnet masks, gateways, and some interfaces can specify more work required to re-assemble packets ...
... to be a DHCP relay or a DHCP server. In DHCP, every network has at least one DHCP server. assign an IP address; UAG715 User's Guide 139 Each fragment is sent separately, and the original packet is called the maximum transmission unit (MTU). The maximum number of ...DHCP relay, the interface routes DHCP requests to all of writing, the UAG does not support ingress bandwidth management. This reduces the amount of manual configuration you set up and maintain IP addresses, subnet masks, gateways, and some interfaces can specify more work required to re-assemble packets ...