User Guide
Page 3
...@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 47 for web browser requirements and an introduction to the main components, icons and menus in the ZyWALL Web...Chapter 5 on page 73 if you're using the Web Configurator. ZyWALL USG 100/200 Series User's Guide 3 Read each screen.) It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to use the...
...@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 47 for web browser requirements and an introduction to the main components, icons and menus in the ZyWALL Web...Chapter 5 on page 73 if you're using the Web Configurator. ZyWALL USG 100/200 Series User's Guide 3 Read each screen.) It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to use the...
User Guide
Page 4
... as well. More help in configuring that cannot be here. This is available at www.zyxel.com. • Download Library Search for the region in which you bought the device. 4 ZyWALL USG 100/200 Series User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Learn from this...
... as well. More help in configuring that cannot be here. This is available at www.zyxel.com. • Download Library Search for the region in which you bought the device. 4 ZyWALL USG 100/200 Series User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Learn from this...
User Guide
Page 5
Disclaimer Graphics in operating systems, operating system versions, or if you took to solve it. About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device. Please have the following information ready when you contact an office. • Product model and serial number. • ... the problem and the steps you installed updated firmware/software for contact information. Every effort has been made to differences in this manual is accurate. ZyWALL USG 100/200 Series User's Guide 5
Disclaimer Graphics in operating systems, operating system versions, or if you took to solve it. About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device. Please have the following information ready when you contact an office. • Product model and serial number. • ... the problem and the steps you installed updated firmware/software for contact information. Every effort has been made to differences in this manual is accurate. ZyWALL USG 100/200 Series User's Guide 5
User Guide
Page 6
Note: Notes tell you other important information (for instance", and "i.e.," means "that is a shorthand for "for example, other words". 6 ZyWALL USG 100/200 Series User's Guide Syntax Conventions • The ZyWALL may denote the "metric" value or the "scientific" value. Warnings tell you about things that screen. • Units of the predefined choices. • A right angle ...
Note: Notes tell you other important information (for instance", and "i.e.," means "that is a shorthand for "for example, other words". 6 ZyWALL USG 100/200 Series User's Guide Syntax Conventions • The ZyWALL may denote the "metric" value or the "scientific" value. Warnings tell you about things that screen. • Units of the predefined choices. • A right angle ...
User Guide
Page 7
ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 100/200 Series User's Guide 7 The ZyWALL icon is not an exact representation of your device. Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 100/200 Series User's Guide 7 The ZyWALL icon is not an exact representation of your device. Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
User Guide
Page 8
... and the power source. • Do NOT attempt to repair the power adaptor or cord. ONLY qualified service personnel should not be treated separately. 8 ZyWALL USG 100/200 Series User's Guide Please contact your device to dampness, dust or corrosive liquids. • Do NOT store things on the motherboard) IS REPLACED BY AN INCORRECT TYPE...
... and the power source. • Do NOT attempt to repair the power adaptor or cord. ONLY qualified service personnel should not be treated separately. 8 ZyWALL USG 100/200 Series User's Guide Please contact your device to dampness, dust or corrosive liquids. • Do NOT store things on the motherboard) IS REPLACED BY AN INCORRECT TYPE...
User Guide
Page 9
Contents Overview Contents Overview User's Guide ...31 Introducing the ZyWALL ...33 Features and Applications ...39 Web Configurator ...47 Installation Setup Wizard ...63 Quick Setup ...73 Configuration Basics ...91 Tutorials ...115 L2TP ... ...427 ALG ...431 IP/MAC Binding ...439 Authentication Policy ...445 Firewall ...453 IPSec VPN ...471 SSL VPN ...511 SSL User Screens ...525 SSL User Application Screens 535 SSL User File Sharing ...537 ZyWALL SecuExtender ...545 L2TP VPN ...549 Application Patrol ...553 Anti-Virus ...579 IDP ...595 ADP ...629 ZyWALL USG 100/200 Series User's Guide 9
Contents Overview Contents Overview User's Guide ...31 Introducing the ZyWALL ...33 Features and Applications ...39 Web Configurator ...47 Installation Setup Wizard ...63 Quick Setup ...73 Configuration Basics ...91 Tutorials ...115 L2TP ... ...427 ALG ...431 IP/MAC Binding ...439 Authentication Policy ...445 Firewall ...453 IPSec VPN ...471 SSL VPN ...511 SSL User Screens ...525 SSL User Application Screens 535 SSL User File Sharing ...537 ZyWALL SecuExtender ...545 L2TP VPN ...549 Application Patrol ...553 Anti-Virus ...579 IDP ...595 ADP ...629 ZyWALL USG 100/200 Series User's Guide 9
User Guide
Page 10
Contents Overview Content Filtering ...649 Content Filter Reports ...673 Anti-Spam ...681 Device HA ...699 User/Group ...721 Addresses ...737 Services ...743 Schedules ...749 AAA Server ...755 Authentication Method ...765 Certificates ...771 ISP Accounts ...793 SSL Application ...797 Endpoint Security ...805 System ...815 Log and Report ...865 File Manager ...879 Diagnostics ...891 Reboot ...899 Shutdown ...901 Troubleshooting ...903 Product Specifications ...923 10 ZyWALL USG 100/200 Series User's Guide
Contents Overview Content Filtering ...649 Content Filter Reports ...673 Anti-Spam ...681 Device HA ...699 User/Group ...721 Addresses ...737 Services ...743 Schedules ...749 AAA Server ...755 Authentication Method ...765 Certificates ...771 ISP Accounts ...793 SSL Application ...797 Endpoint Security ...805 System ...815 Log and Report ...865 File Manager ...879 Diagnostics ...891 Reboot ...899 Shutdown ...901 Troubleshooting ...903 Product Specifications ...923 10 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 11
... 2 Features and Applications ...39 2.1 Features ...39 2.2 Applications ...41 2.2.1 VPN Connectivity ...42 2.2.2 SSL VPN Network Access 42 2.2.3 User-Aware Access Control 44 2.2.4 Multiple WAN Interfaces 44 2.2.5 Device HA ...45 Chapter 3 Web Configurator...47 3.1 Web Configurator Requirements 47 3.2 Web Configurator Access ...47 3.3 Web Configurator Screens Overview 49 3.3.1 Title Bar ...50 ZyWALL USG 100/200 Series User's Guide 11
... 2 Features and Applications ...39 2.1 Features ...39 2.2 Applications ...41 2.2.1 VPN Connectivity ...42 2.2.2 SSL VPN Network Access 42 2.2.3 User-Aware Access Control 44 2.2.4 Multiple WAN Interfaces 44 2.2.5 Device HA ...45 Chapter 3 Web Configurator...47 3.1 Web Configurator Requirements 47 3.2 Web Configurator Access ...47 3.3 Web Configurator Screens Overview 49 3.3.1 Title Bar ...50 ZyWALL USG 100/200 Series User's Guide 11
User Guide
Page 12
... Chapter 6 Configuration Basics...91 6.1 Object-based Configuration 91 6.2 Zones, Interfaces, and Physical Ports 92 6.2.1 Interface Types ...93 6.2.2 Default Interface and Zone Configuration 94 12 ZyWALL USG 100/200 Series User's Guide WAN Interface 64 4.1.2 Internet Access: Ethernet 64 4.1.3 Internet Access: PPPoE 66 4.1.4 Internet Access: PPTP 67 4.1.5 ISP Parameters ...68 4.1.6 Internet Access Setup - Summary 89 5.5.8 VPN...
... Chapter 6 Configuration Basics...91 6.1 Object-based Configuration 91 6.2 Zones, Interfaces, and Physical Ports 92 6.2.1 Interface Types ...93 6.2.2 Default Interface and Zone Configuration 94 12 ZyWALL USG 100/200 Series User's Guide WAN Interface 64 4.1.2 Internet Access: Ethernet 64 4.1.3 Internet Access: PPPoE 66 4.1.4 Internet Access: PPTP 67 4.1.5 ISP Parameters ...68 4.1.6 Internet Access Setup - Summary 89 5.5.8 VPN...
User Guide
Page 13
...6.5.21 ADP ...109 6.5.22 Content Filter ...109 6.5.23 Anti-Spam ...110 6.5.24 Device HA ...110 6.6 Objects ...111 6.6.1 User/Group ...111 6.7 System ...112 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in the ZyWALL 95 6.4 Packet Flow ...97 6.4.1 ZLD 2.20 Packet Flow Enhancements 97 6.4.2 Routing Table Checking Flow Enhancements 98 6.4.3 NAT Table ... File Manager ...113 6.7.4 Diagnostics ...113 6.7.5 Shutdown ...113 Chapter 7 Tutorials ...115 7.1 How to Configure Interfaces, Port Roles, and Zones 115 7.1.1 Configure a WAN Ethernet Interface 116 ZyWALL USG 100/200 Series User's Guide 13
...6.5.21 ADP ...109 6.5.22 Content Filter ...109 6.5.23 Anti-Spam ...110 6.5.24 Device HA ...110 6.6 Objects ...111 6.6.1 User/Group ...111 6.7 System ...112 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in the ZyWALL 95 6.4 Packet Flow ...97 6.4.1 ZLD 2.20 Packet Flow Enhancements 97 6.4.2 Routing Table Checking Flow Enhancements 98 6.4.3 NAT Table ... File Manager ...113 6.7.4 Diagnostics ...113 6.7.5 Shutdown ...113 Chapter 7 Tutorials ...115 7.1 How to Configure Interfaces, Port Roles, and Zones 115 7.1.1 Configure a WAN Ethernet Interface 116 ZyWALL USG 100/200 Series User's Guide 13
User Guide
Page 14
...on Ethernet Interfaces 122 7.3.2 Configure the WAN Trunk 123 7.4 How to Set Up a Wireless LAN 125 7.4.1 Set Up User Accounts 125 7.4.2 Create the WLAN Interface 126 7.4.3 Set Up the Wireless Clients to Use the WLAN Interface 129 7.5 ...150 7.7.5 Set Up MSN Policies 153 7.7.6 Set Up Firewall Rules 154 7.8 How to Use a RADIUS Server to Authenticate User Accounts based on Groups 155 7.9 How to Use Endpoint Security and Authentication Policies 157 7.9.1 Configure the Endpoint Security Objects ... 7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP 175 14 ZyWALL USG 100/200 Series User's Guide
...on Ethernet Interfaces 122 7.3.2 Configure the WAN Trunk 123 7.4 How to Set Up a Wireless LAN 125 7.4.1 Set Up User Accounts 125 7.4.2 Create the WLAN Interface 126 7.4.3 Set Up the Wireless Clients to Use the WLAN Interface 129 7.5 ...150 7.7.5 Set Up MSN Policies 153 7.7.6 Set Up Firewall Rules 154 7.8 How to Use a RADIUS Server to Authenticate User Accounts based on Groups 155 7.9 How to Use Endpoint Security and Authentication Policies 157 7.9.1 Configure the Endpoint Security Objects ... 7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP 175 14 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 15
...Use Active-Passive Device HA 177 7.15.1 Before You Start ...178 7.15.2 Configure Device HA on the Master ZyWALL 179 7.15.3 Configure the Backup ZyWALL 181 7.15.4 Deploy the Backup ZyWALL 183 7.15.5 Check Your Device HA Setup 183 Chapter 8 L2TP VPN Example ...185 8.1 L2TP VPN Example ...185... Screen 233 9.2.5 The DHCP Table Screen 233 9.2.6 The Number of Login Users Screen 234 Chapter 10 Monitor...237 10.1 Overview ...237 10.1.1 What You Can Do in this Chapter 237 10.2 The Port Statistics Screen 238 10.2.1 The Port Statistics Graph Screen 240 ZyWALL USG 100/200 Series User's Guide 15
...Use Active-Passive Device HA 177 7.15.1 Before You Start ...178 7.15.2 Configure Device HA on the Master ZyWALL 179 7.15.3 Configure the Backup ZyWALL 181 7.15.4 Deploy the Backup ZyWALL 183 7.15.5 Check Your Device HA Setup 183 Chapter 8 L2TP VPN Example ...185 8.1 L2TP VPN Example ...185... Screen 233 9.2.5 The DHCP Table Screen 233 9.2.6 The Number of Login Users Screen 234 Chapter 10 Monitor...237 10.1 Overview ...237 10.1.1 What You Can Do in this Chapter 237 10.2 The Port Statistics Screen 238 10.2.1 The Port Statistics Graph Screen 240 ZyWALL USG 100/200 Series User's Guide 15
User Guide
Page 16
... Traffic Statistics Screen 244 10.5 The Session Monitor Screen 247 10.6 The DDNS Status Screen 250 10.7 IP/MAC Binding Monitor 250 10.8 The Login Users Screen 252 10.9 WLAN Interface Station Monitor Screen 252 10.10 Cellular Status Screen 254 10.11 Application Patrol Statistics 256 10.11.1 Application Patrol... 12.2 The Antivirus Update Screen 286 12.3 The IDP/AppPatrol Update Screen 287 12.4 The System Protect Update Screen 289 Chapter 13 Interfaces ...291 16 ZyWALL USG 100/200 Series User's Guide
... Traffic Statistics Screen 244 10.5 The Session Monitor Screen 247 10.6 The DDNS Status Screen 250 10.7 IP/MAC Binding Monitor 250 10.8 The Login Users Screen 252 10.9 WLAN Interface Station Monitor Screen 252 10.10 Cellular Status Screen 254 10.11 Application Patrol Statistics 256 10.11.1 Application Patrol... 12.2 The Antivirus Update Screen 286 12.3 The IDP/AppPatrol Update Screen 287 12.4 The System Protect Update Screen 289 Chapter 13 Interfaces ...291 16 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 17
... Screen 372 14.3 Configuring a Trunk ...373 14.4 Trunk Technical Reference 375 Chapter 15 Policy and Static Routes ...377 15.1 Policy and Static Routes Overview 377 ZyWALL USG 100/200 Series User's Guide 17
... Screen 372 14.3 Configuring a Trunk ...373 14.4 Trunk Technical Reference 375 Chapter 15 Policy and Static Routes ...377 15.1 Policy and Static Routes Overview 377 ZyWALL USG 100/200 Series User's Guide 17
User Guide
Page 18
... Do in this Chapter 417 19.1.2 What You Need to Know 418 19.2 The NAT Screen ...418 19.2.1 The NAT Add/Edit Screen 420 18 ZyWALL USG 100/200 Series User's Guide
... Do in this Chapter 417 19.1.2 What You Need to Know 418 19.2 The NAT Screen ...418 19.2.1 The NAT Add/Edit Screen 420 18 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 19
... 24.1 Overview ...453 24.1.1 What You Can Do in this Chapter 453 24.1.2 What You Need to Know 454 24.1.3 Firewall Rule Example Applications 456 ZyWALL USG 100/200 Series User's Guide 19
... 24.1 Overview ...453 24.1.1 What You Can Do in this Chapter 453 24.1.2 What You Need to Know 454 24.1.3 Firewall Rule Example Applications 456 ZyWALL USG 100/200 Series User's Guide 19
User Guide
Page 20
... Logo 521 26.4 Establishing an SSL VPN Connection 522 Chapter 27 SSL User Screens ...525 27.1 Overview ...525 27.1.1 What You Need to Know 525 27.2 Remote User Login ...526 27.3 The SSL VPN User Screens 531 27.4 Bookmarking the ZyWALL 532 27.5 Logging Out of the SSL VPN User Screens 532 20 ZyWALL USG 100/200 Series User's Guide
... Logo 521 26.4 Establishing an SSL VPN Connection 522 Chapter 27 SSL User Screens ...525 27.1 Overview ...525 27.1.1 What You Need to Know 525 27.2 Remote User Login ...526 27.3 The SSL VPN User Screens 531 27.4 Bookmarking the ZyWALL 532 27.5 Logging Out of the SSL VPN User Screens 532 20 ZyWALL USG 100/200 Series User's Guide
User Guide
Page 21
... File or Folder 542 29.6 Deleting a File or Folder 542 29.7 Uploading a File ...543 Chapter 30 ZyWALL SecuExtender...545 30.1 The ZyWALL SecuExtender Icon 545 30.2 Statistics ...546 30.3 View Log ...547 30.4 Suspend and Resume the Connection 547 30....5 Stop the Connection ...548 30.6 Uninstalling the ZyWALL SecuExtender 548 Chapter 31 L2TP VPN...549 31.1 Overview ...549 31.1.1 What You Can Do in this Chapter ...Application Patrol Applications 564 32.3.1 The Application Patrol Edit Screen 565 ZyWALL USG 100/200 Series User's Guide 21
... File or Folder 542 29.6 Deleting a File or Folder 542 29.7 Uploading a File ...543 Chapter 30 ZyWALL SecuExtender...545 30.1 The ZyWALL SecuExtender Icon 545 30.2 Statistics ...546 30.3 View Log ...547 30.4 Suspend and Resume the Connection 547 30....5 Stop the Connection ...548 30.6 Uninstalling the ZyWALL SecuExtender 548 Chapter 31 L2TP VPN...549 31.1 Overview ...549 31.1.1 What You Can Do in this Chapter ...Application Patrol Applications 564 32.3.1 The Application Patrol Edit Screen 565 ZyWALL USG 100/200 Series User's Guide 21
User Guide
Page 22
... Signatures 614 34.8.1 Creating or Editing a Custom Signature 616 34.8.2 Custom Signature Example 622 34.8.3 Applying Custom Signatures 624 34.8.4 Verifying Custom Signatures 625 22 ZyWALL USG 100/200 Series User's Guide
... Signatures 614 34.8.1 Creating or Editing a Custom Signature 616 34.8.2 Custom Signature Example 622 34.8.3 Applying Custom Signatures 624 34.8.4 Verifying Custom Signatures 625 22 ZyWALL USG 100/200 Series User's Guide