User Guide
Page 97
... registrations and upgrade licenses. 7.1.2 What you can also purchase and enter a license key to register it. myZyXEL.com myZyXEL.com is ZyXEL's online services center where you Need to Know This section introduces the topics covered in this chapter. You can have the UAG use ...the content filtering subscription service. Refer to access myZyXEL.com via that UAG. See the respective User's Guide chapters for the UAG. UAG715 User's Guide 97 You can register your UAG and manage subscription services available for more SSL VPN tunnels. Alternatively, go to http://www...
... registrations and upgrade licenses. 7.1.2 What you can also purchase and enter a license key to register it. myZyXEL.com myZyXEL.com is ZyXEL's online services center where you Need to Know This section introduces the topics covered in this chapter. You can have the UAG use ...the content filtering subscription service. Refer to access myZyXEL.com via that UAG. See the respective User's Guide chapters for the UAG. UAG715 User's Guide 97 You can register your UAG and manage subscription services available for more SSL VPN tunnels. Alternatively, go to http://www...
User Guide
Page 291
...a message to display on the screen when a user logs out and the SSL VPN connection is terminated successfully. Leave this screen. For example, www.zyxel.com is a fully qualified domain name where "www" is the host. Specify a message to display on the screen when a user logs in this ... 111 VPN > SSL VPN > Global Setting LABEL DESCRIPTION Global Settings Network Extension Local IP Specify the IP address of the UAG's DDNS entries. UAG715 User's Guide 291 Figure 191 VPN > SSL VPN > Global Setting Chapter 23 SSL VPN The following table describes the labels in and an SSL...
...a message to display on the screen when a user logs out and the SSL VPN connection is terminated successfully. Leave this screen. For example, www.zyxel.com is a fully qualified domain name where "www" is the host. Specify a message to display on the screen when a user logs in this ... 111 VPN > SSL VPN > Global Setting LABEL DESCRIPTION Global Settings Network Extension Local IP Specify the IP address of the UAG's DDNS entries. UAG715 User's Guide 291 Figure 191 VPN > SSL VPN > Global Setting Chapter 23 SSL VPN The following table describes the labels in and an SSL...
User Guide
Page 292
... user to locate it. The graphic should use a resolution of a different resolution to 103 x 29 pixels. Click Reset Logo to Default to display the ZyXEL company logo on the remote user SSL VPN screens. 1 Click VPN > SSL VPN and click the Global Setting tab to display the configuration screen. 2 ...Custom Logo Follow the steps below to upload a custom logo to display on the remote user's web browser. Figure 192 Example Logo Graphic Display 292 UAG715 User's Guide Click Browse to locate the graphic file on the remote user computer. Make sure the file is in GIF, JPG, or PNG ...
... user to locate it. The graphic should use a resolution of a different resolution to 103 x 29 pixels. Click Reset Logo to Default to display the ZyXEL company logo on the remote user SSL VPN screens. 1 Click VPN > SSL VPN and click the Global Setting tab to display the configuration screen. 2 ...Custom Logo Follow the steps below to upload a custom logo to display on the remote user's web browser. Figure 192 Example Logo Graphic Display 292 UAG715 User's Guide Click Browse to locate the graphic file on the remote user computer. Make sure the file is in GIF, JPG, or PNG ...
User Guide
Page 305
UAG715 User's Guide 305 Chapter 25 ZyWALL SecuExtender Figure 209 ZyWALL SecuExtender Log Example 2009/03/12 13:35:50 ][SecuExtender Agent][DETAIL] Build Datetime: Feb ... disconnect the SSL VPN tunnel. 25.6 Uninstalling the ZyWALL SecuExtender Do the following if you need to remove the ZyWALL SecuExtender. 1 Click start > All Programs > ZyXEL > ZyWALL SecuExtender > Uninstall ZyWALL SecuExtender. 2 In the confirmation screen, click Yes.
UAG715 User's Guide 305 Chapter 25 ZyWALL SecuExtender Figure 209 ZyWALL SecuExtender Log Example 2009/03/12 13:35:50 ][SecuExtender Agent][DETAIL] Build Datetime: Feb ... disconnect the SSL VPN tunnel. 25.6 Uninstalling the ZyWALL SecuExtender Do the following if you need to remove the ZyWALL SecuExtender. 1 Click start > All Programs > ZyXEL > ZyWALL SecuExtender > Uninstall ZyWALL SecuExtender. 2 In the confirmation screen, click Yes.
User Guide
Page 334
... block access to use the external database content filtering (see the Licensing > Registration screens). 334 UAG715 User's Guide When a matching policy is www.zyxel.com.tw. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the domain name is found, the content filter allows or blocks...categorized based on the policy numbers). The UAG blocks the request if the default policy is news/pressroom.php. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the file path is set up a content filter policy. • You must configure an address object, a schedule...
... block access to use the external database content filtering (see the Licensing > Registration screens). 334 UAG715 User's Guide When a matching policy is www.zyxel.com.tw. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the domain name is found, the content filter allows or blocks...categorized based on the policy numbers). The UAG blocks the request if the default policy is news/pressroom.php. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the file path is set up a content filter policy. • You must configure an address object, a schedule...
User Guide
Page 352
... > Content Filter > Filter Profile > Custom Service (continued) LABEL DESCRIPTION Restricted Web Features Select the check box(es) to delete it. 352 UAG715 User's Guide Cookies are allowed. When a proxy server is located on a computer's hard drive. These are sites that you want to allow ...this to restrict a feature. Enter host names such as a wildcard to 127 characters (0-9a-z-). For example, entering "*zyxel.com" also allows "www.zyxel.com", "partner.zyxel.com", "press.zyxel.com", and so on the Trusted Web Sites list to modify it. For example, enter "*.com" to modify ...
... > Content Filter > Filter Profile > Custom Service (continued) LABEL DESCRIPTION Restricted Web Features Select the check box(es) to delete it. 352 UAG715 User's Guide Cookies are allowed. When a proxy server is located on a computer's hard drive. These are sites that you want to allow ...this to restrict a feature. Enter host names such as a wildcard to 127 characters (0-9a-z-). For example, entering "*zyxel.com" also allows "www.zyxel.com", "partner.zyxel.com", "press.zyxel.com", and so on the Trusted Web Sites list to modify it. For example, enter "*.com" to modify ...
User Guide
Page 358
...-users • operator • sync • admin • any • devicehaecived • ftp • lp • mail • radius-users • root • uucp • zyxel • bin • games • news • shutdown • daemon • halt • nobody • sshd To access this screen, go to the User screen... name from 1 to be alphabetical (A-Z a-z), an underscore (_), or a dash (-). Other limitations on page 357), and click either the Add icon or an Edit icon. 358 UAG715 User's Guide
...-users • operator • sync • admin • any • devicehaecived • ftp • lp • mail • radius-users • root • uucp • zyxel • bin • games • news • shutdown • daemon • halt • nobody • sshd To access this screen, go to the User screen... name from 1 to be alphabetical (A-Z a-z), an underscore (_), or a dash (-). Other limitations on page 357), and click either the Add icon or an Edit icon. 358 UAG715 User's Guide
User Guide
Page 385
... this screen to open a screen where you can modify the entry's settings. Edit Double-click an entry or select it before doing so. For example, o=ZyXEL, c=US. 33.2.1 Adding an Active Directory or LDAP Server Click Object > AAA Server > Active Directory (or LDAP) to create a new entry. The UAG confirms you... > Active Directory (or LDAP) LABEL DESCRIPTION Add Click this screen. Remove To remove an entry, select it and click Remove. Base DN This specifies a directory. UAG715 User's Guide 385
... this screen to open a screen where you can modify the entry's settings. Edit Double-click an entry or select it before doing so. For example, o=ZyXEL, c=US. 33.2.1 Adding an Active Directory or LDAP Server Click Object > AAA Server > Active Directory (or LDAP) to create a new entry. The UAG confirms you... > Active Directory (or LDAP) LABEL DESCRIPTION Add Click this screen. Remove To remove an entry, select it and click Remove. Base DN This specifies a directory. UAG715 User's Guide 385
User Guide
Page 386
... Directory (or LDAP) > Add The following table describes the labels in the AD or LDAP server(s) or the AD or LDAP server(s) is down. 386 UAG715 User's Guide Specify the port number on all AD or LDAP server(s) in this case, user authentication fails. Search time limit This is only for... 127 alphanumerical characters). Specify the directory (up to which the UAG sends authentication requests. Enter the description of the AD or LDAP server. For example, o=ZyXEL, c=US. You can use up to 63 alphanumerical characters) for LDAP.
... Directory (or LDAP) > Add The following table describes the labels in the AD or LDAP server(s) or the AD or LDAP server(s) is down. 386 UAG715 User's Guide Specify the port number on all AD or LDAP server(s) in this case, user authentication fails. Search time limit This is only for... 127 alphanumerical characters). Specify the directory (up to which the UAG sends authentication requests. Enter the description of the AD or LDAP server. For example, o=ZyXEL, c=US. You can use up to 63 alphanumerical characters) for LDAP.
User Guide
Page 435
...select it and click Edit to be able to modify the entry's settings. Domain Zone A hyphen (-) displays for the www.zyxel.com.tw fully qualified domain name. For example, zyxel.com.tw is the index number of a DNS server. Type DNS Server Query Via MX Record (for . This is ... screen. If the UAG connects through which the UAG sends DNS queries to resolve domain zones for features like VPN, DDNS and the time server. UAG715 User's Guide 435 To remove an entry, select it and click Remove. The default record is a host's fully qualified domain name. Table 176 ...
...select it and click Edit to be able to modify the entry's settings. Domain Zone A hyphen (-) displays for the www.zyxel.com.tw fully qualified domain name. For example, zyxel.com.tw is the index number of a DNS server. Type DNS Server Query Via MX Record (for . This is ... screen. If the UAG connects through which the UAG sends DNS queries to resolve domain zones for features like VPN, DDNS and the time server. UAG715 User's Guide 435 To remove an entry, select it and click Remove. The default record is a host's fully qualified domain name. Table 176 ...
User Guide
Page 436
... the IP address in the Address/PTR Record table to use frequently. To apply other configured rule. For example, www.zyxel.com is a fully qualified domain name, where "www" is the host, "zyxel" is the second-level domain, and "com" is the top level domain. This way you take this action. It... does not match any other behavior, configure a rule that traffic will match so the UAG will not have to add an address/PTR record. 436 UAG715 User's Guide If the UAG receives a DNS query for an FQDN for which the computer is allowed or denied to remove it before doing so...
... the IP address in the Address/PTR Record table to use frequently. To apply other configured rule. For example, www.zyxel.com is a fully qualified domain name, where "www" is the host, "zyxel" is the second-level domain, and "com" is the top level domain. This way you take this action. It... does not match any other behavior, configure a rule that traffic will match so the UAG will not have to add an address/PTR record. 436 UAG715 User's Guide If the UAG receives a DNS query for an FQDN for which the computer is allowed or denied to remove it before doing so...
User Guide
Page 437
... domain zone for example, *.example.com). Underscores are not allowed. as a prefix in the FQDN for a wildcard domain name (for the www.zyxel.com.tw fully qualified domain name. 39.6.7 Adding a Domain Zone Forwarder Click the Add icon in the Domain Zone Forwarder table to add a domain...query the DNS server to exit this screen. A domain zone is the top level domain. Figure 288 Configuration > System > DNS > Domain Zone Forwarder Add UAG715 User's Guide 437 IP Address OK Cancel Use "*." Enter the IP address of a server. Figure 287 Configuration > System > DNS > Address/PTR Record ...
... domain zone for example, *.example.com). Underscores are not allowed. as a prefix in the FQDN for a wildcard domain name (for the www.zyxel.com.tw fully qualified domain name. 39.6.7 Adding a Domain Zone Forwarder Click the Add icon in the Domain Zone Forwarder table to add a domain...query the DNS server to exit this screen. A domain zone is the top level domain. Figure 288 Configuration > System > DNS > Domain Zone Forwarder Add UAG715 User's Guide 437 IP Address OK Cancel Use "*." Enter the IP address of a server. Figure 287 Configuration > System > DNS > Address/PTR Record ...
User Guide
Page 438
... DHCP client. Each host or domain can send a query to the recorded name server IP address. For example, zyxel.com.tw is mapping to one of the UAG's local networks. You also need to your customized settings and exit ... assigns DNS server information. You cannot use 0.0.0.0. N/A displays for any DNS server IP address fields for the www.zyxel.com.tw fully qualified domain name. Select DNS Server(s) from other domain, external e-mail from ISP if your domain...the host. You cannot use 0.0.0.0. Figure 289 Configuration > System > DNS > MX Record Add 438 UAG715 User's Guide
... DHCP client. Each host or domain can send a query to the recorded name server IP address. For example, zyxel.com.tw is mapping to one of the UAG's local networks. You also need to your customized settings and exit ... assigns DNS server information. You cannot use 0.0.0.0. N/A displays for any DNS server IP address fields for the www.zyxel.com.tw fully qualified domain name. Select DNS Server(s) from other domain, external e-mail from ISP if your domain...the host. You cannot use 0.0.0.0. Figure 289 Configuration > System > DNS > MX Record Add 438 UAG715 User's Guide
User Guide
Page 464
... of variables include such as number of GetNext operations. • Set - In SNMPv1, when a manager wants to retrieve the next object variable from www.zyxel.com. 464 UAG715 User's Guide SNMP itself is the console through which network administrators perform network management functions. Allows the manager to communicate for object variables within...
... of variables include such as number of GetNext operations. • Set - In SNMPv1, when a manager wants to retrieve the next object variable from www.zyxel.com. 464 UAG715 User's Guide SNMP itself is the console through which network administrators perform network management functions. Allows the manager to communicate for object variables within...
User Guide
Page 487
... factory defaults. You only need to use the command line interface if you want to five minutes. Find the firmware package at www.zyxel.com in the Web Configurator to the configuration file when you can take up to upload in this configuration file. The firmware update can... not turn off or reset the UAG while the firmware update is included when you try to determine if you must use the write command. UAG715 User's Guide 487 Use the Firmware Package screen to a valid configuration. Select this file and click Apply to reset all of a configuration file...
... factory defaults. You only need to use the command line interface if you want to five minutes. Find the firmware package at www.zyxel.com in the Web Configurator to the configuration file when you can take up to upload in this configuration file. The firmware update can... not turn off or reset the UAG while the firmware update is included when you try to determine if you must use the write command. UAG715 User's Guide 487 Use the Firmware Package screen to a valid configuration. Select this file and click Apply to reset all of a configuration file...
User Guide
Page 515
... error at one site to which you assign the VPN tunnel and the zone from a computer at the other. Before doing so, ensure that both ZyXEL IPSec routers and check the settings in the routing table. Here are some general suggestions. See Chapter 10 on the zone to a computer at one... 500 and UDP port 4500 for the VPN tunnel. If you enable NAT traversal, the remote IPSec device must also have been learnt by -side. UAG715 User's Guide 515 Regular firewall rules check packets the UAG sends before testing your new VPN connection. This depends on page 153. • Make sure...
... error at one site to which you assign the VPN tunnel and the zone from a computer at the other. Before doing so, ensure that both ZyXEL IPSec routers and check the settings in the routing table. Here are some general suggestions. See Chapter 10 on the zone to a computer at one... 500 and UDP port 4500 for the VPN tunnel. If you enable NAT traversal, the remote IPSec device must also have been learnt by -side. UAG715 User's Guide 515 Regular firewall rules check packets the UAG sends before testing your new VPN connection. This depends on page 153. • Make sure...
User Guide
Page 520
Chapter 46 Troubleshooting 1 Make sure the SYS LED is on and not blinking. 2 Press the RESET button and hold it until the SYS LED begins to restart. You should be able to access the UAG using the default settings. 46.2 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for the UAG to blink. (This usually takes about five seconds.) 3 Release the RESET button, and wait for more troubleshooting suggestions. 520 UAG715 User's Guide
Chapter 46 Troubleshooting 1 Make sure the SYS LED is on and not blinking. 2 Press the RESET button and hold it until the SYS LED begins to restart. You should be able to access the UAG using the default settings. 46.2 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for the UAG to blink. (This usually takes about five seconds.) 3 Release the RESET button, and wait for more troubleshooting suggestions. 520 UAG715 User's Guide
User Guide
Page 521
...in a retrieval system, translated into any language, or transmitted in a commercial environment. UAG715 User's Guide 521 These limits are designed to radio communications. Operation of ZyXEL Communications Corporation. The contents of this publication may cause harmful interference to provide reasonable ...or by region. In a domestic environment this product's documentation and certifications. Viewing Certifications Go to http://www.zyxel.com to view this product may cause radio interference in material or workmanship for details about the Warranty Period ...
...in a retrieval system, translated into any language, or transmitted in a commercial environment. UAG715 User's Guide 521 These limits are designed to radio communications. Operation of ZyXEL Communications Corporation. The contents of this publication may cause harmful interference to provide reasonable ...or by region. In a domestic environment this product's documentation and certifications. Viewing Certifications Go to http://www.zyxel.com to view this product may cause radio interference in material or workmanship for details about the Warranty Period ...
User Guide
Page 522
... vendor for further information. • Make sure to connect the cables to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at the applicable collection point for North American products. Appendix A Legal Information Note Repair or replacement, as...cord and do NOT place the product where anyone can expose you bought the device at www.zyxel.com. Used electrical and electronic equipment should not be treated separately. 522 UAG715 User's Guide To obtain the services of merchantability or fitness for the region in Europe). ...
... vendor for further information. • Make sure to connect the cables to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at the applicable collection point for North American products. Appendix A Legal Information Note Repair or replacement, as...cord and do NOT place the product where anyone can expose you bought the device at www.zyxel.com. Used electrical and electronic equipment should not be treated separately. 522 UAG715 User's Guide To obtain the services of merchantability or fitness for the region in Europe). ...
User Guide
Page 531
... content 274 Dead Peer Detection (DPD) 271 Diffie-Hellman key group 274 encryption algorithms 273 extended authentication 276 UAG715 User's Guide Index ID type 274 IP address, remote IPSec router 272 IP address, ZyXEL device 272 local identity 275 main mode 272, 275 NAT traversal 276 negotiation mode 272 password 277 peer...
... content 274 Dead Peer Detection (DPD) 271 Diffie-Hellman key group 274 encryption algorithms 273 extended authentication 276 UAG715 User's Guide Index ID type 274 IP address, remote IPSec router 272 IP address, ZyXEL device 272 local identity 275 main mode 272, 275 NAT traversal 276 negotiation mode 272 password 277 peer...