User Guide
Page 9
...ZyWALL ...33 Features and Applications ...39 Web Configurator ...47 Installation Setup Wizard ...63 Quick Setup ...73 Configuration Basics ...91 Tutorials ...115 L2TP VPN Example ...185 Technical Reference ...221 Dashboard ...223 Monitor ...237 Registration ...279 Signature Update ...285 Interfaces ...291 Trunks ...367 Policy and Static Routes ...377 Routing... SSL User Screens ...525 SSL User Application Screens 535 SSL User File Sharing ...537 ZyWALL SecuExtender ...545 L2TP VPN ...549 Application Patrol ...553 Anti-Virus ...579 IDP ...595 ADP ...629 ZyWALL USG 100/200 Series User's Guide 9
User Guide
Page 13
... ...113 Chapter 7 Tutorials ...115 7.1 How to Configure Interfaces, Port Roles, and Zones 115 7.1.1 Configure a WAN Ethernet Interface 116 ZyWALL USG 100/200 Series User's Guide 13 Policy ...106 6.5.14 Firewall ...106 6.5.15 IPSec VPN ...107 6.5.16 SSL VPN ...107 6.5.17 L2TP VPN...User/Group ...111 6.7 System ...112 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in the ZyWALL 95 6.4 Packet Flow ...97 6.4.1 ZLD 2.20 Packet Flow Enhancements 97 6.4.2 Routing Table Checking Flow Enhancements 98 6.4.3 NAT Table Checking Flow 99 6.5 Feature Configuration Overview 100 6.5.1 Feature ...101...
User Guide
Page 15
... WAN Traffic 176 7.14.1 Create the Public IP Address Range Object 176 7.14.2 Configure the Policy Route 177 7.15 How to Use Active-Passive Device HA 177 7.15.1 Before You Start ...178 7.15.2 Configure Device ...HA on the Master ZyWALL 179 7.15.3 Configure the Backup ZyWALL 181 7.15.4 Deploy the Backup ZyWALL 183 7.15.5 Check Your Device HA Setup 183 Chapter 8 L2TP VPN Example ...185 8.1 L2TP ... 237 10.2 The Port Statistics Screen 238 10.2.1 The Port Statistics Graph Screen 240 ZyWALL USG 100/200 Series User's Guide 15
User Guide
Page 17
... You Need to Know 368 14.2 The Trunk Summary Screen 372 14.3 Configuring a Trunk ...373 14.4 Trunk Technical Reference 375 Chapter 15 Policy and Static Routes ...377 15.1 Policy and Static Routes Overview 377 ZyWALL USG 100/200 Series User's Guide 17
User Guide
Page 18
....3 The OSPF Screen ...395 16.3.1 Configuring the OSPF Screen 399 16.3.2 OSPF Area Add/Edit Screen 402 16.3.3 Virtual Link Add/Edit Screen 403 16.4 Routing Protocol Technical Reference 404 Chapter 17 Zones ...407 17.1 Zones Overview ...407 17.1.1 What You Can Do in this Chapter 407 17.1.2 What You Need... Do in this Chapter 417 19.1.2 What You Need to Know 418 19.2 The NAT Screen ...418 19.2.1 The NAT Add/Edit Screen 420 18 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 33
...also provides bandwidth management, Instant Messaging (IM) and Peer to start or stop the ZyWALL. 1.1 Overview and Key Default Settings The ZyWALL is a comprehensive security device. Configure the ZyWALL USG 200's OPT Gigabit Ethernet port as a transparent firewall in an existing network with the ... efficiently. ZyWALL USG 100/200 Series User's Guide 33 The ZyWALL also provides two separate LAN networks. It explains the front panel ports, LEDs, introduces the management methods, and lists different ways to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP ...
User Guide
Page 39
...between two sites over the Internet or any insecure network that uses TCP/IP for communication. ZyWALL USG 100/200 Series User's Guide 39 It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. Virtual Private Networks (VPN) Use IPSec, SSL,... or L2TP VPN to zones. As a result, it is much simpler to set up and to change security settings in the event the master ZyWALL fails (device HA)....
User Guide
Page 48
...Password) token to generate a new number the next time you logged in the One-Time Password field. Figure 12 Update Admin Info Screen 48 ZyWALL USG 100/200 Series User's Guide If your web browser, and go to its HTTPS server, and it in using the default user name and password, ...the Update Admin Info screen (Figure 12 on page 49) appears. By default, the ZyWALL automatically routes this setting. Chapter 3 Web Configurator 2 Open your account is ...
User Guide
Page 53
Ethernet Manage Ethernet interfaces and virtual Ethernet interfaces. Routing Policy Route Create and manage routing policies. Static Route Create and manage IP static routing information. IP/MAC Binding Summary Configure IP to MAC address bindings for an installed 3G card. Policy ... of IP addresses to define various policies. VPN Gateway Configure IKE tunnels. Concentrator Configure VPN concentrators (hub-and-spoke VPN). ZyWALL USG 100/200 Series User's Guide 53 WLAN Configure settings for load balancing and link High Availability (HA). Trunk Create and manage trunks (groups...
User Guide
Page 91
...the main screens for system management. 6.1 Object-based Configuration The ZyWALL stores information or settings as objects. CHAPTER 6 Configuration Basics This information is provided to configure many of it is provided for the policy route.) • Section 6.6 on an interface's IP address, subnet... create a schedule object, you can have to configure a trunk for load-balancing, you should configure a policy route for it as well. (You might also have firewall, application patrol, content filter, and other settings that use these ZyWALL USG 100/200 Series User's Guide 91
User Guide
Page 93
...WAN interface, for defining other features. 6.2.1 Interface Types There are created when you can configure the IP address and subnet mask of routing information in the bridge. • Virtual interfaces increase the amount of the bridge. This interface can change the opt interface to be... connection between physical ports at the layer-2 (data link, MAC address) level. You can be part of interfaces and VPN tunnels. ZyWALL USG 100/200 Series User's Guide 93 In configuration, you connect a cable. You use physical ports when configuring port groups. You also configure RIP ...
User Guide
Page 96
... ZLD ZYWALL FEATURE / SCREEN Trigger port, port triggering Policy route Address mapping Policy route Address mapping (VPN) IPSec VPN Table 18 Bandwidth Management: Differences Between the ZLD ZyWALL and ZyNOS ZYNOS FEATURE / SCREEN ZLD ZYWALL FEATURE / SCREEN Interface bandwidth management (outbound) Interface OSI level-7 bandwidth management Application patrol General bandwidth management Policy route 96 ZyWALL USG 100/200 Series...
User Guide
Page 97
...that are WLAN interfaces and any Ethernet interfaces that you configure as internal interfaces. • A policy route can be automatically disabled if the next-hop is the order in which the ZyWALL applies its features and checks. Examples of the external interfaces to simplify configuration. External interfaces include ppp,..., and aux interfaces as well as external interfaces. The packet flow has been changed as follows: • Automatic SNAT and WAN trunk routing for IPSec traffic. • Policy routes can override direct routes. ZyWALL USG 100/200 Series User's Guide 97
User Guide
Page 98
... in the same subnet as one of the sections, the ZyWALL stops checking the packets against the routing table and moves on page 377). 98 ZyWALL USG 100/200 Series User's Guide Then it defragments them . Figure 58 Routing Table Checking Flow Enhancements 1 Direct-connected Subnets: The ZyWALL first checks to see Section 15.1 on to the...
User Guide
Page 99
...routers through the appropriate interface or VPN tunnel. Configure policy routes to access the server. It maps a range of private network servers that did not match any of the sections, the ZyWALL USG 100/200 Series User's Guide 99 See Section 19.2.1 on policy routes. 3 1 to 1 and Many 1 to 1 NAT...: These are the user-configured policy routes. See Chapter 15 on page 372 for how to select which trunk the...
User Guide
Page 100
.... 2 1 to 1 SNAT (including Many 1 to bandwidth management. The features are listed in the same sequence as shown below. 100 ZyWALL USG 100/200 Series User's Guide Each feature description is also now performed by default and included in the NAT table. 6.5 Feature Configuration Overview This section ... Web Configurator. Chapter 6 Configuration Basics ZyWALL stops checking the packets against the NAT table and moves on to 1) is also included in the NAT table. 3 NAT loopback is now included in the NAT table instead of requiring a separate policy route. 4 SNAT is organized as the menu...
User Guide
Page 101
... to myZyXEL.com. You must have a valid ZyWALL USG 100/200 Series User's Guide 101 For example, you how to update the ZyWALL's signature packages for a VPN tunnel. For example, no other features you should usually configure or check right after you should usually create a policy route for the anti-virus, IDP and application patrol...
User Guide
Page 102
... management (out of the features that use policy routes for background information. Chapter 6 Configuration Basics subscription to update the anti-virus and IDP/application patrol signatures You must have Internet access to send packets through the appropriate interface or VPN tunnel. Most of the ZyWALL), port triggering, 102 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 103
... that your WAN connection. 1 Create an address object for FTP traffic. ZyWALL USG 100/200 Series User's Guide 103 Chapter 6 Configuration Basics and general NAT on the source address. MENU ITEM(S) Configuration > Network > Routing > Policy Route Criteria: users, user groups, interfaces (incoming), IPSec VPN (incoming), addresses... Select the interface that the traffic comes in through your custom policy route comes before any other routes that they are the default WAN interfaces). Note: The ZyWALL checks the policy routes in the DMZ zone). You want to ge4 (in the order that...
User Guide
Page 104
... run. Chapter 6 Configuration Basics 6.5.7 Static Routes Use static routes to tell the ZyWALL about networks not directly connected to make computers on a private network behind the ZyWALL available outside the private network. 104 ZyWALL USG 100/200 Series User's Guide Each interface and VPN ...tunnel can be assigned to at most one zone. MENU ITEM(S) Configuration > Network > Routing > Static Route PREREQUISITES Interfaces 6.5.8 Zones See Section...