User Guide
Page 3
ZyWALL USG 100/200 Series User's Guide 3 Related Documentation • Quick Start Guide The Quick Start Guide is designed to show you how to configure the ZyWALL using the Web Configurator. How To ...Guide The CLI Reference Guide explains how to use the Web Configurator to configure the ZyWALL. E-mail techwriters@zyxel.com.tw if you cannot find specific information in the Web Configurator. About This User...; Read Chapter 5 on page 73 if you're using the quick setup wizards and you want to make the ZyWALL hardware connections and access the Web Configurator wizards. (See the wizard real...
ZyWALL USG 100/200 Series User's Guide 3 Related Documentation • Quick Start Guide The Quick Start Guide is designed to show you how to configure the ZyWALL using the Web Configurator. How To ...Guide The CLI Reference Guide explains how to use the Web Configurator to configure the ZyWALL. E-mail techwriters@zyxel.com.tw if you cannot find specific information in the Web Configurator. About This User...; Read Chapter 5 on page 73 if you're using the quick setup wizards and you want to make the ZyWALL hardware connections and access the Web Configurator wizards. (See the wizard real...
User Guide
Page 9
Contents Overview Contents Overview User's Guide ...31 Introducing the ZyWALL ...33 Features and Applications ...39 Web Configurator ...47 Installation Setup Wizard ...63 Quick Setup ...73 Configuration Basics ...91 Tutorials ...115 L2TP VPN Example ...185 Technical Reference ...221 Dashboard ...223 Monitor ...237 Registration ...279...VPN ...471 SSL VPN ...511 SSL User Screens ...525 SSL User Application Screens 535 SSL User File Sharing ...537 ZyWALL SecuExtender ...545 L2TP VPN ...549 Application Patrol ...553 Anti-Virus ...579 IDP ...595 ADP ...629 ZyWALL USG 100/200 Series User's Guide 9
Contents Overview Contents Overview User's Guide ...31 Introducing the ZyWALL ...33 Features and Applications ...39 Web Configurator ...47 Installation Setup Wizard ...63 Quick Setup ...73 Configuration Basics ...91 Tutorials ...115 L2TP VPN Example ...185 Technical Reference ...221 Dashboard ...223 Monitor ...237 Registration ...279...VPN ...471 SSL VPN ...511 SSL User Screens ...525 SSL User Application Screens 535 SSL User File Sharing ...537 ZyWALL SecuExtender ...545 L2TP VPN ...549 Application Patrol ...553 Anti-Virus ...579 IDP ...595 ADP ...629 ZyWALL USG 100/200 Series User's Guide 9
User Guide
Page 12
...Wizard - Scenario 85 5.5.5 VPN Advanced Wizard - Finish 70 4.2 Device Registration ...70 Chapter 5 Quick Setup ...73 5.1 Quick Setup Overview ...73 5.2 WAN Interface Quick Setup 74 5.2.1 Choose an Ethernet Interface 74 5.2.2 Select WAN Type ...74 5.2.3 Configure WAN Settings 75 5.2.4... ISP Parameters ...68 4.1.6 Internet Access Setup - Finish 90 Chapter 6 Configuration Basics...91 6.1 Object-based Configuration 91 6.2 Zones, Interfaces, and Physical Ports 92 6.2.1 Interface Types ...93 6.2.2 Default Interface and Zone Configuration 94 12 ZyWALL USG 100/200 Series User's Guide
...Wizard - Scenario 85 5.5.5 VPN Advanced Wizard - Finish 70 4.2 Device Registration ...70 Chapter 5 Quick Setup ...73 5.1 Quick Setup Overview ...73 5.2 WAN Interface Quick Setup 74 5.2.1 Choose an Ethernet Interface 74 5.2.2 Select WAN Type ...74 5.2.3 Configure WAN Settings 75 5.2.4... ISP Parameters ...68 4.1.6 Internet Access Setup - Finish 90 Chapter 6 Configuration Basics...91 6.1 Object-based Configuration 91 6.2 Zones, Interfaces, and Physical Ports 92 6.2.1 Interface Types ...93 6.2.2 Default Interface and Zone Configuration 94 12 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 14
... on the DMZ 170 7.13.1 Turn On the ALG ...172 7.13.2 Create the Address Objects 172 7.13.3 Setup a NAT Policy for the IPPBX 173 7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP 174 7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP 175 14 ZyWALL USG 100/200 Series User's Guide
... on the DMZ 170 7.13.1 Turn On the ALG ...172 7.13.2 Create the Address Objects 172 7.13.3 Setup a NAT Policy for the IPPBX 173 7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP 174 7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP 175 14 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 15
... Active-Passive Device HA 177 7.15.1 Before You Start ...178 7.15.2 Configure Device HA on the Master ZyWALL 179 7.15.3 Configure the Backup ZyWALL 181 7.15.4 Deploy the Backup ZyWALL 183 7.15.5 Check Your Device HA Setup 183 Chapter 8 L2TP VPN Example ...185 8.1 L2TP VPN Example ...185 8.2 Configuring the Default L2TP VPN Gateway Example... 10.1 Overview ...237 10.1.1 What You Can Do in this Chapter 237 10.2 The Port Statistics Screen 238 10.2.1 The Port Statistics Graph Screen 240 ZyWALL USG 100/200 Series User's Guide 15
... Active-Passive Device HA 177 7.15.1 Before You Start ...178 7.15.2 Configure Device HA on the Master ZyWALL 179 7.15.3 Configure the Backup ZyWALL 181 7.15.4 Deploy the Backup ZyWALL 183 7.15.5 Check Your Device HA Setup 183 Chapter 8 L2TP VPN Example ...185 8.1 L2TP VPN Example ...185 8.2 Configuring the Default L2TP VPN Gateway Example... 10.1 Overview ...237 10.1.1 What You Can Do in this Chapter 237 10.2 The Port Statistics Screen 238 10.2.1 The Port Statistics Graph Screen 240 ZyWALL USG 100/200 Series User's Guide 15
User Guide
Page 16
... 10.9 WLAN Interface Station Monitor Screen 252 10.10 Cellular Status Screen 254 10.11 Application Patrol Statistics 256 10.11.1 Application Patrol Statistics: General Setup 256 10.11.2 Application Patrol Statistics: Bandwidth Statistics 257 10.11.3 Application Patrol Statistics: Protocol Statistics 258 10.11.4 Application Patrol Statistics: Individual Protocol Statistics... 12.2 The Antivirus Update Screen 286 12.3 The IDP/AppPatrol Update Screen 287 12.4 The System Protect Update Screen 289 Chapter 13 Interfaces ...291 16 ZyWALL USG 100/200 Series User's Guide
... 10.9 WLAN Interface Station Monitor Screen 252 10.10 Cellular Status Screen 254 10.11 Application Patrol Statistics 256 10.11.1 Application Patrol Statistics: General Setup 256 10.11.2 Application Patrol Statistics: Bandwidth Statistics 257 10.11.3 Application Patrol Statistics: Protocol Statistics 258 10.11.4 Application Patrol Statistics: Individual Protocol Statistics... 12.2 The Antivirus Update Screen 286 12.3 The IDP/AppPatrol Update Screen 287 12.4 The System Protect Update Screen 289 Chapter 13 Interfaces ...291 16 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 37
... Stop Bit 1 Flow Control Off 1.5 Starting and Stopping the ZyWALL Here are as follows. Chapter 1 Introducing the ZyWALL Web Configurator The Web Configurator allows easy ZyWALL setup and management using CLI commands. See the Command Reference Guide for more information about the CLI. ZyWALL USG 100/200 Series User's Guide 37 You can use text-based commands...
... Stop Bit 1 Flow Control Off 1.5 Starting and Stopping the ZyWALL Here are as follows. Chapter 1 Introducing the ZyWALL Web Configurator The Web Configurator allows easy ZyWALL setup and management using CLI commands. See the Command Reference Guide for more information about the CLI. ZyWALL USG 100/200 Series User's Guide 37 You can use text-based commands...
User Guide
Page 47
Unless otherwise specified, the ZyWALL USG 200 screens are shown. 3.1 Web Configurator Requirements In order to use the Web Configurator, you must • Use Internet Explorer 7 or later, or Firefox 1.5 or... (enabled by default) • Enable cookies The recommended screen resolution is 1024 x 768 pixels. 3.2 Web Configurator Access 1 Make sure your ZyWALL hardware is properly connected. CHAPTER 3 Web Configurator The ZyWALL Web Configurator allows easy ZyWALL setup and management using an Internet browser. ZyWALL USG 100/200 Series User's Guide 47 See the Quick Start Guide.
Unless otherwise specified, the ZyWALL USG 200 screens are shown. 3.1 Web Configurator Requirements In order to use the Web Configurator, you must • Use Internet Explorer 7 or later, or Firefox 1.5 or... (enabled by default) • Enable cookies The recommended screen resolution is 1024 x 768 pixels. 3.2 Web Configurator Access 1 Make sure your ZyWALL hardware is properly connected. CHAPTER 3 Web Configurator The ZyWALL Web Configurator allows easy ZyWALL setup and management using an Internet browser. ZyWALL USG 100/200 Series User's Guide 47 See the Quick Start Guide.
User Guide
Page 49
... the default user name and default password. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is divided into these parts (as shown next. Follow the directions in Figure 13 on page 49): • A - navigation panel ZyWALL USG 100/200 Series User's Guide 49 Chapter 3 Web Configurator 5 The screen above appears every...
... the default user name and default password. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is divided into these parts (as shown next. Follow the directions in Figure 13 on page 49): • A - navigation panel ZyWALL USG 100/200 Series User's Guide 49 Chapter 3 Web Configurator 5 The screen above appears every...
User Guide
Page 52
...Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. Signature Update Anti-Virus Update anti-virus signatures immediately or by a schedule. Network 52 ZyWALL USG 100/200 Series User's Guide AppPatrol Statistics Displays bandwidth and... protocol statistics. Anti-X Statistics Anti-Virus Collect and display statistics on the intrusions that the ZyWALL has detected. Chapter 3 Web Configurator Table ...
...Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. Signature Update Anti-Virus Update anti-virus signatures immediately or by a schedule. Network 52 ZyWALL USG 100/200 Series User's Guide AppPatrol Statistics Displays bandwidth and... protocol statistics. Anti-X Statistics Anti-Virus Collect and display statistics on the intrusions that the ZyWALL has detected. Chapter 3 Web Configurator Table ...
User Guide
Page 55
...users. AAA Server Active Directory- Auth. System Host Name Configure the system and domain name for use with ZyWALLs that already have device HA setup using a firmware version earlier than 2.10. LDAP-Default Configure the default LDAP settings. Trusted Certificates Import and...Active Directory settings. ISP Account Create and manage ISP account information for user sessions, and rules to force user authentication. ZyWALL USG 100/200 Series User's Guide 55 Group Create and manage groups of each interface monitored by device HA. SSL Application Create SSL...
...users. AAA Server Active Directory- Auth. System Host Name Configure the system and domain name for use with ZyWALLs that already have device HA setup using a firmware version earlier than 2.10. LDAP-Default Configure the default LDAP settings. Trusted Certificates Import and...Active Directory settings. ISP Account Create and manage ISP account information for user sessions, and rules to force user authentication. ZyWALL USG 100/200 Series User's Guide 55 Group Create and manage groups of each interface monitored by device HA. SSL Application Create SSL...
User Guide
Page 63
... help. • Click Go to Dashboard to skip the installation setup wizard or click Next to start configuring for background information. ZyWALL USG 100/200 Series User's Guide 63 Figure 27 Installation Setup Wizard • Click the double arrow in this User's Guide for... Internet access. CHAPTER 4 Installation Setup Wizard 4.1 Installation Setup Wizard Screens If you configure Internet connection...
... help. • Click Go to Dashboard to skip the installation setup wizard or click Next to start configuring for background information. ZyWALL USG 100/200 Series User's Guide 63 Figure 27 Installation Setup Wizard • Click the double arrow in this User's Guide for... Internet access. CHAPTER 4 Installation Setup Wizard 4.1 Installation Setup Wizard Screens If you configure Internet connection...
User Guide
Page 64
... ISP assigned a fixed IP address. 4.1.2 Internet Access: Ethernet This screen is used as your IP address settings. 64 ZyWALL USG 100/200 Series User's Guide Refer to you a fixed IP address. Chapter 4 Installation Setup Wizard 4.1.1 Internet Access Setup - The screens vary depending on the encapsulation type. Figure 28 Internet Access: Step 1 • I have that information...
... ISP assigned a fixed IP address. 4.1.2 Internet Access: Ethernet This screen is used as your IP address settings. 64 ZyWALL USG 100/200 Series User's Guide Refer to you a fixed IP address. Chapter 4 Installation Setup Wizard 4.1.1 Internet Access Setup - The screens vary depending on the encapsulation type. Figure 28 Internet Access: Step 1 • I have that information...
User Guide
Page 65
The ZyWALL uses these (in the previous screen. Leave the field as the IP Address Assignment in the order you do not want to configure DNS servers. ... you selected static IP address assignment. • IP Subnet Mask: Enter the subnet mask for VPN, DDNS and the time server. ZyWALL USG 100/200 Series User's Guide 65 Chapter 4 Installation Setup Wizard Note: Enter the Internet access information exactly as given to you by your (static) public IP address. Figure 29 Internet Access...
The ZyWALL uses these (in the previous screen. Leave the field as the IP Address Assignment in the order you do not want to configure DNS servers. ... you selected static IP address assignment. • IP Subnet Mask: Enter the subnet mask for VPN, DDNS and the time server. ZyWALL USG 100/200 Series User's Guide 65 Chapter 4 Installation Setup Wizard Note: Enter the Internet access information exactly as given to you by your (static) public IP address. Figure 29 Internet Access...
User Guide
Page 66
... 4.1.3.1 ISP Parameters • Type the PPPoE Service Name from the PPPoE server. 66 ZyWALL USG 100/200 Series User's Guide Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from your service provider. Chapter 4 Installation Setup Wizard 4.1.3 Internet Access: PPPoE Note: Enter the Internet access information exactly as given...
... 4.1.3.1 ISP Parameters • Type the PPPoE Service Name from the PPPoE server. 66 ZyWALL USG 100/200 Series User's Guide Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from your service provider. Chapter 4 Installation Setup Wizard 4.1.3 Internet Access: PPPoE Note: Enter the Internet access information exactly as given...
User Guide
Page 67
...want to configure DNS servers. Enter a DNS server's IP address(es). The ZyWALL uses these (in the order you by your (static) public IP address. Figure 31 Internet Access: PPTP Encapsulation ZyWALL USG 100/200 Series User's Guide 67 Auto displays if you selected Auto as given to you... specify here) to resolve domain names for VPN, DDNS and the time server. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Chapter 4 Installation Setup Wizard...
...want to configure DNS servers. Enter a DNS server's IP address(es). The ZyWALL uses these (in the order you by your (static) public IP address. Figure 31 Internet Access: PPTP Encapsulation ZyWALL USG 100/200 Series User's Guide 67 Auto displays if you selected Auto as given to you... specify here) to resolve domain names for VPN, DDNS and the time server. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Chapter 4 Installation Setup Wizard...
User Guide
Page 68
... is the security zone to 64 ASCII characters except the [] and ?. Chapter 4 Installation Setup Wizard 4.1.5 ISP Parameters • Authentication Type - Select an authentication protocol for VPN, DDNS and the time server. Your ZyWALL accepts PAP only. • MSCHAP - Re-type your (static) public IP address. ... and depends on the interface you by the remote node. • CHAP - You can be up to configure DNS servers. 68 ZyWALL USG 100/200 Series User's Guide This field can use alphanumeric and -_: characters, and it . It must know the IP address of the PPTP ...
... is the security zone to 64 ASCII characters except the [] and ?. Chapter 4 Installation Setup Wizard 4.1.5 ISP Parameters • Authentication Type - Select an authentication protocol for VPN, DDNS and the time server. Your ZyWALL accepts PAP only. • MSCHAP - Re-type your (static) public IP address. ... and depends on the interface you by the remote node. • CHAP - You can be up to configure DNS servers. 68 ZyWALL USG 100/200 Series User's Guide This field can use alphanumeric and -_: characters, and it . It must know the IP address of the PPTP ...
User Guide
Page 69
The screens for configuring the second WAN interface are similar to the first (see Section 4.1.1 on page 64). Figure 32 Internet Access: Step 3: Second WAN Interface ZyWALL USG 100/200 Series User's Guide 69 Second WAN Interface If you selected I have two ISPs, after you configure the First WAN Interface, you can configure the Second WAN Interface. Chapter 4 Installation Setup Wizard 4.1.6 Internet Access Setup -
The screens for configuring the second WAN interface are similar to the first (see Section 4.1.1 on page 64). Figure 32 Internet Access: Step 3: Second WAN Interface ZyWALL USG 100/200 Series User's Guide 69 Second WAN Interface If you selected I have two ISPs, after you configure the First WAN Interface, you can configure the Second WAN Interface. Chapter 4 Installation Setup Wizard 4.1.6 Internet Access Setup -
User Guide
Page 70
Click Next and use the following screen to register. 70 ZyWALL USG 100/200 Series User's Guide After configuring the WAN interface(s), a screen displays with myZyXEL.com and activate trials of subscription security features if you want to do a ... services. Alternatively, close the window to exit the wizard. 4.2 Device Registration Use this screen displays your account details, click myZyXEL.com. You can register your ZyWALL with your ZyWALL with myZXEL.com and activate trial periods of services like IDP. Finish You have not already done so. If the...
Click Next and use the following screen to register. 70 ZyWALL USG 100/200 Series User's Guide After configuring the WAN interface(s), a screen displays with myZyXEL.com and activate trials of subscription security features if you want to do a ... services. Alternatively, close the window to exit the wizard. 4.2 Device Registration Use this screen displays your account details, click myZyXEL.com. You can register your ZyWALL with your ZyWALL with myZXEL.com and activate trial periods of services like IDP. Finish You have not already done so. If the...
User Guide
Page 71
... enter your user name and password in the Confirm Password field. • E-Mail Address: Enter your myZyXEL.com account. ZyWALL USG 100/200 Series User's Guide 71 Spaces are not allowed. Chapter 4 Installation Setup Wizard Use the Registration > Service screen to update your country from six to 20 alphanumeric characters (and the underscore). Type...
... enter your user name and password in the Confirm Password field. • E-Mail Address: Enter your myZyXEL.com account. ZyWALL USG 100/200 Series User's Guide 71 Spaces are not allowed. Chapter 4 Installation Setup Wizard Use the Registration > Service screen to update your country from six to 20 alphanumeric characters (and the underscore). Type...