User Guide
Page 5
... device. • Brief description of the problem and the steps you installed updated firmware/software for contact information. Disclaimer Graphics in operating systems, operating system versions, or if you took to ensure that you received your device. ZyWALL USG 100/200 Series User's Guide 5 Every effort has been made to solve it. Please have the following information ready when you contact an office. • Product model and serial number...
User Guide
Page 14
....1 Create the Address Objects 168 7.12.2 Configure NAT ...168 7.12.3 Set Up a Firewall Rule 169 7.13 How to Use an IPPBX on the DMZ 170 7.13.1 Turn On the ALG ...172 7.13.2 Create the Address Objects 172 7.13.3 Setup a NAT Policy for the IPPBX 173 7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP 174 7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP 175 14 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 15
... Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic 176 7.14.1 Create the Public IP Address Range Object 176 7.14.2 Configure the Policy Route 177 7.15 How to Use Active-Passive Device HA 177 7.15.1 Before You Start ...178 7.15.2 Configure Device HA on the Master ZyWALL 179 7.15.3 Configure the Backup ZyWALL 181 7.15.4 Deploy the Backup ZyWALL 183 7.15.5 Check Your Device HA Setup 183 Chapter 8 L2TP VPN Example ...185 8.1 L2TP VPN Example ...185 8.2 Configuring the Default L2TP VPN Gateway Example...
User Guide
Page 33
... management, Instant Messaging (IM) and Peer to add an IEEE 802.11b/g-compliant wireless LAN. The ZyWALL also provides two separate LAN networks. You can also use a 3G cellular card (not included) for connecting publicly accessible servers. ZyWALL USG 100/200 Series User's Guide 33 Alternatively, you set ports to start or stop the ZyWALL. 1.1 Overview and Key Default Settings The ZyWALL is a comprehensive security device. You can set up the network and enforce security policies efficiently. The DeMilitarized Zone (DMZ...
User Guide
Page 53
... of IP addresses to each supported interface. OSPF Configure device-level OSPF settings, including areas and virtual links. DDNS Profile Define and manage the ZyWALL's DDNS domain names. IP/MAC Binding Summary Configure IP to set the ZyWALL's flexible ports as LAN1, WLAN, or DMZ. Firewall Firewall Create and manage level-3 traffic rules. VPN Gateway Configure IKE tunnels. ALG Configure SIP, H.323, and FTP pass-through settings. ZyWALL USG 100/200 Series User's Guide 53 Bridge Create and manage bridges and virtual bridge interfaces. Exempt List Configure ranges...
User Guide
Page 56
... Menu Screens Summary FOLDER OR LINK TAB FUNCTION File Manager Configuration File Manage and upload configuration files for an out of band management connection through a modem connected to the AUX port. WWW Service Control Configure HTTP, HTTPS, and general authentication. FTP Configure FTP server settings. Log Setting Configure the system log, e-mail logs, and remote syslog servers. 3.3.2.4 Maintenance Menu Use the maintenance menu screens to upload firmware. Shutdown Turn off the ZyWALL. 56 ZyWALL USG 100/200 Series User's Guide Log & Report Email Daily Report...
User Guide
Page 64
... by your IP address settings. 64 ZyWALL USG 100/200 Series User's Guide Chapter 4 Installation Setup Wizard 4.1.1 Internet Access Setup - Otherwise, choose PPPoE or PPTP for Internet access. • Zone: This is used as your ISP did not assign you are configuring the first WAN interface. • Encapsulation: Choose the Ethernet option when the WAN port is the security zone to which this screen to set the previous screen's IP Address Assignment field to configure and the first WAN interface's type of encapsulation...
User Guide
Page 93
Use interfaces in configuring VPN, zones, trunks, device HA, DDNS, policy routes, static routes, HTTP redirect, and NAT. You use to dial out. Each VLAN can only be part of the same (lan1, ext-wlan or dmz) interface. • PPP interfaces support Point-to-Point Protocols (PPPoE or PPTP). Use zones to being used as IP alias), virtual VLAN interfaces, and virtual bridge interfaces. • The auxiliary interface, along with one Ethernet interface. • Bridge interfaces create a software connection between Ethernet or VLAN interfaces at the layer2 (data link, MAC address) level...
User Guide
Page 125
... default trunk and click Apply. For each WLAN user, set up a user account containing the user name and password the WLAN user needs to enter to connect to use the ZyWALL's local user database with WPA or WPA2 instead of needing an external RADIUS server. ZyWALL USG 100/200 Series User's Guide 125 You can configure the WLAN interfaces before or after you can use on page 923 for authentication. 7.4.1 Set Up User Accounts The ZyWALL supports TTLS using different SSIDs. You can install a wireless LAN card...
User Guide
Page 243
... or to update the IP address for virtual interfaces on the interface since it was last connected. If there is a Expand icon (plus-sign) next to the name, click this to update its IP address, this might happen if the interface is down. ZyWALL USG 100/200 Series User's Guide 243 This VRRP group is not functioning in the virtual router. This field displays the zone to the network. This...
User Guide
Page 301
... routes from this interface to an external network (like the Internet). These IP address fields configure an IP address on the interface, you must manually configure a policy route to add routing and SNAT settings for the network connected to a local network. ZyWALL USG 100/200 Series User's Guide 301 Interface Properties Interface Type This is field is to WAN traffic. Other corresponding configuration options: DHCP server and DHCP relay. Select the zone to which type of the screen's options do not automatically adjust and you may also need...
User Guide
Page 318
... card. Connected Device This displays the manufacturer and model name of device settings. Idle timeout This value specifies the time in seconds (0~360) that you inserted one of the 3G device's profiles of your 3G card if you are allowed. 318 ZyWALL USG 100/200 Series User's Guide APN Select Custom to do otherwise). Spaces are configuring for use alphanumeric and characters, and it displays none. Table 67 Configuration > Network > Interface > Cellular > Add...
User Guide
Page 328
... to the wireless interface at the same time. The key is not used elsewhere. It is not sent over the network. Virtual Access Point Settings SSID (Service Set IDentity) The SSID identifies the Service Set with one another. Select none to prevent wireless clients in this wireless LAN interface. Radius Server IP Address Radius Server Port Radius Server Secret IP Address Assignment Select the check box to 60 characters long. Enter a password (up to enable wireless user authentication through scanning. To make your wireless network more secure, change the default SSID to...
User Guide
Page 336
... external authentication server and the ZyWALL. To display your ZyWALL's MAC filter settings, click Configuration > Network > Interface > WLAN > MAC Filter. Idle Timeout Group Key Update Timer Note: If wireless station authentication is allowed. Chapter 13 Interfaces Table 73 Configuration > Network > Interface > WLAN > Add (WPA/WPA2 Security) LABEL DESCRIPTION Radius Server Port Enter the RADIUS server's listening port number (the default is also supported in WPA-PSK mode. 13.7 WLAN Interface MAC Filter The MAC filter allows you to give specific wireless clients exclusive access...
User Guide
Page 422
... IP address subnet or IP address range this NAT rule supports for the selected destination IP address (Original IP). Port Mapping Type Use the drop-down list box to packets received on the rule's specified incoming interface. 422 ZyWALL USG 100/200 Series User's Guide this NAT rule supports. Protocol Type Original Port Mapped Port Original Start Port Original End Port Mapped Start Port Mapped End Port Enable NAT Loopback See Appendix B on page 423 for the traffic it sends to also access the server...
User Guide
Page 526
... the ZyWALL or your network administrator, you how to access the login screen. If instructed by your network administrator). Chapter 27 SSL User Screens System Requirements Here are the browser and computer system requirements for Internet Explorer are shown. 526 ZyWALL USG 100/200 Series User's Guide Required Information A remote user needs the following information from the network administrator to log in and access network resources. • the domain name or IP address...
User Guide
Page 858
... server port number for a service if needed, however you can access which is the password for the incoming Get and GetNext requests from the management station. Destination Type the IP address of the station to send your SNMP traps to access the ZyWALL using this screen. You can be used to the SNMP manager. Get Community Enter the Get Community, which ZyWALL zones. 858 ZyWALL USG 100/200 Series User's Guide Table 248 Configuration...
User Guide
Page 907
... a compatible 3G device installed or connected. Each VLAN interface is strongly recommended that all the wireless devices in your network support. I cannot configure a particular VLAN interface on top of an Ethernet interface even though I have the cellular interface enabled. • Make sure the cellular interface has the correct user name, password, and PIN code configured with the correct casing. • If the ZyWALL has multiple WAN interfaces, make sure their IP addresses are on different subnets. Chapter 56 Troubleshooting created a cellular interface but...
User Guide
Page 969
... the interface in Services Logs (continued) LOG MESSAGE DESCRIPTION Console baud has been An administrator changed . %d is default baud rate If interface is time zone value An administrator changed the time zone. If this interface is unlink/disconnect or link/connect, this log will be reapplied due to %s. %s is rule number ZyWALL USG 100/200 Series User's Guide 969 Set timezone to Device HA status is Stand-By DHCP Server on Interface %s will be run. Set timezone to the default (0). DNS access control...
User Guide
Page 1118
... also bridge interfaces. backup, see trunks bandwidth management 362, 374 bridge, see also VLAN interfaces. types 292 virtual, see also auxiliary interface. Index external 97, 301 internal 97, 301 statistics 241 status 226, 241 troubleshooting 905 type 97, 301 types 93 interfaces 93, 115, 291 and DNS servers 364 and HTTP redirect 430 and layer-3 virtualization 292 and NAT 421 and physical ports 92, 292 and policy routes 385 and static routes 389 and VPN gateways...