User Guide
Page 59
...IP address assignment. WAN Interface Use this User's Guide for Internet access. 4.1.1 Internet Access Setup - This chapter provides information on configuring the Web Configurator's installation setup wizard. Figure 23 Installation Setup Wizard • Click the double arrow in this screen to start configuring for background information. ZyWALL USG 20/20W... User's Guide 59 This wizard helps you log into the Web Configurator when the ZyWALL is using its default configuration, the first Installation Setup ...
...IP address assignment. WAN Interface Use this User's Guide for Internet access. 4.1.1 Internet Access Setup - This chapter provides information on configuring the Web Configurator's installation setup wizard. Figure 23 Installation Setup Wizard • Click the double arrow in this screen to start configuring for background information. ZyWALL USG 20/20W... User's Guide 59 This wizard helps you log into the Web Configurator when the ZyWALL is using its default configuration, the first Installation Setup ...
User Guide
Page 61
Options are: ZyWALL USG 20/20W User's Guide 61 Chapter 4 Installation Setup Wizard • IP Address: Enter your service provider. Enter a DNS server's IP address(es). You can use alphanumeric and _@$./ characters, and it , you must know the IP address of the router through which this WAN connection will send traffic (the default gateway). • First / Second DNS...
Options are: ZyWALL USG 20/20W User's Guide 61 Chapter 4 Installation Setup Wizard • IP Address: Enter your service provider. Enter a DNS server's IP address(es). You can use alphanumeric and _@$./ characters, and it , you must know the IP address of the router through which this WAN connection will send traffic (the default gateway). • First / Second DNS...
User Guide
Page 90
...The LAN1 zone is a protected zone. Figure 50 Default Network Topology Table 14 ZyWALL USG 20 Default Port, Interface, and Zone Configuration PORT INTERFACE ZONE IP ADDRESS AND DHCP SUGGESTED USE WITH SETTINGS DEFAULT SETTINGS P1 P2, P3 wan1 lan1 P4 lan2 P5... dmz CONSOLE n/a WAN LAN1 LAN2 DMZ None DHCP clients 192.168.1.1, DHCP server enabled 192.168.2.1, DHCP server enabled 192.168.3.1, DHCP server disabled None Connections to 192.168.1.254 range. 90 ZyWALL USG 20/20W...
...The LAN1 zone is a protected zone. Figure 50 Default Network Topology Table 14 ZyWALL USG 20 Default Port, Interface, and Zone Configuration PORT INTERFACE ZONE IP ADDRESS AND DHCP SUGGESTED USE WITH SETTINGS DEFAULT SETTINGS P1 P2, P3 wan1 lan1 P4 lan2 P5... dmz CONSOLE n/a WAN LAN1 LAN2 DMZ None DHCP clients 192.168.1.1, DHCP server enabled 192.168.2.1, DHCP server enabled 192.168.3.1, DHCP server disabled None Connections to 192.168.1.254 range. 90 ZyWALL USG 20/20W...
User Guide
Page 92
... a range of public IP addresses • Static and dynamic routes have their own category. 6.4.1 Routing Table Checking Flow When the ZyWALL receives packets it examines ...the packets and determines how to bottom. Examples of private network addresses to the default WAN trunk. As soon ...> SNAT > Bandwidth Management > Fragmentation > Traffic Out. Chapter 6 Configuration Basics Traffic in one 92 ZyWALL USG 20/20W User's Guide Then it defragments them . Figure 51 Packet Flow The packet flow is from internal to...
... a range of public IP addresses • Static and dynamic routes have their own category. 6.4.1 Routing Table Checking Flow When the ZyWALL receives packets it examines ...the packets and determines how to bottom. Examples of private network addresses to the default WAN trunk. As soon ...> SNAT > Bandwidth Management > Fragmentation > Traffic Out. Chapter 6 Configuration Basics Traffic in one 92 ZyWALL USG 20/20W User's Guide Then it defragments them . Figure 51 Packet Flow The packet flow is from internal to...
User Guide
Page 96
...interface or VPN tunnel. Note: When you create an interface, there is in order to a zone. Most of the ZyWALL), port triggering, 96 ZyWALL USG 20/20W User's Guide You can also use interfaces support Ethernet, PPPoE/PPTP, cellular, VLAN, and bridge interfaces. MENU ITEM(S) ... 107. 6.5.5 Policy Routes Use policy routes to override the ZyWALL's default routing behavior in the DMZ zone and uses a private IP address. Chapter 6 Configuration Basics 6.5.2 Licensing Registration Use these screens to register your ZyWALL and subscribe to services like more interfaces. You must have...
...interface or VPN tunnel. Note: When you create an interface, there is in order to a zone. Most of the ZyWALL), port triggering, 96 ZyWALL USG 20/20W User's Guide You can also use interfaces support Ethernet, PPPoE/PPTP, cellular, VLAN, and bridge interfaces. MENU ITEM(S) ... 107. 6.5.5 Policy Routes Use policy routes to override the ZyWALL's default routing behavior in the DMZ zone and uses a private IP address. Chapter 6 Configuration Basics 6.5.2 Licensing Registration Use these screens to register your ZyWALL and subscribe to services like more interfaces. You must have...
User Guide
Page 100
...allow VoIP sessions from the LAN or WAN zone. Chapter 6 Configuration Basics 5 Specify the IP address of the HTTP proxy server. 6 Specify the port number to use for the HTTP ...sure users' computers comply with defined corporate policies before they can receive calls. 100 ZyWALL USG 20/20W User's Guide You can also configure the firewall to the LAN so VoIP users on...or service groups). By default, the firewall only allows management connections from the SIP proxy server on DMZ to control traffic for remote management. MENU ITEM(S) Configuration > Auth. Configure to the ZyWALL.
...allow VoIP sessions from the LAN or WAN zone. Chapter 6 Configuration Basics 5 Specify the IP address of the HTTP proxy server. 6 Specify the port number to use for the HTTP ...sure users' computers comply with defined corporate policies before they can receive calls. 100 ZyWALL USG 20/20W User's Guide You can also configure the firewall to the LAN so VoIP users on...or service groups). By default, the firewall only allows management connections from the SIP proxy server on DMZ to control traffic for remote management. MENU ITEM(S) Configuration > Auth. Configure to the ZyWALL.
User Guide
Page 102
... client) to configure a BWM rule for a specific IP address, destination port or IP range and specify allowed amounts of 200 kbps from LAN zone to WAN zone (default). 4 Set BWM inbound value to 200kbps and keep the default values for all other fields. 6.5.17 ADP Use ADP...), schedules, users, user groups Example: You can configure a policy that you have not done so already (Configuration > Object > User/Group). 102 ZyWALL USG 20/20W User's Guide Chapter 6 Configuration Basics 6.5.16 Bandwidth Management Use bandwidth management (BWM) to WAN (FTP server). 1 Create user account for Bob. 2...
... client) to configure a BWM rule for a specific IP address, destination port or IP range and specify allowed amounts of 200 kbps from LAN zone to WAN zone (default). 4 Set BWM inbound value to 200kbps and keep the default values for all other fields. 6.5.17 ADP Use ADP...), schedules, users, user groups Example: You can configure a policy that you have not done so already (Configuration > Object > User/Group). 102 ZyWALL USG 20/20W User's Guide Chapter 6 Configuration Basics 6.5.16 Bandwidth Management Use bandwidth management (BWM) to WAN (FTP server). 1 Create user account for Bob. 2...
User Guide
Page 107
...wan1 interface uses a static IP address of connecting to and using the Web Configurator to apply security settings specifically for details. Note: The tutorials featured here require a basic understanding of 1.2.3.4. ZyWALL USG 20/20W User's Guide 107 For ...field descriptions of individual screens, see Technical Reference on page 163. 7.1 How to Configure Interfaces, Port Roles, and Zones This tutorial shows how to configure Ethernet interfaces, port roles, and zones for the following example configuration (see Chapter 3 on page 90 for the default...
...wan1 interface uses a static IP address of connecting to and using the Web Configurator to apply security settings specifically for details. Note: The tutorials featured here require a basic understanding of 1.2.3.4. ZyWALL USG 20/20W User's Guide 107 For ...field descriptions of individual screens, see Technical Reference on page 163. 7.1 How to Configure Interfaces, Port Roles, and Zones This tutorial shows how to configure Ethernet interfaces, port roles, and zones for the following example configuration (see Chapter 3 on page 90 for the default...
User Guide
Page 109
... 192.168.4.1 as its IP address and has a DHCP server to distribute IP addresses to connected DHCP clients. Chapter 7 Tutorials Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface's entry. Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK. ZyWALL USG 20/20W User's Guide 109
... 192.168.4.1 as its IP address and has a DHCP server to distribute IP addresses to connected DHCP clients. Chapter 7 Tutorials Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface's entry. Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK. ZyWALL USG 20/20W User's Guide 109
User Guide
Page 119
...next, you enable NAT traversal, all firewalls between the ZyWALL and remote IPSec router should also allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). ZyWALL USG 20/20W User's Guide 119 Under Policy, select LAN1_SUBNET for the... local network and VPN_REMOTE_SUBNET for the VPN Tunnel You configure security policies based on zones. The new VPN connection was assigned to the IPSec_VPN zone. Make sure all firewalls between the ZyWALL and remote IPSec router allow UDP port 4500. By default...
...next, you enable NAT traversal, all firewalls between the ZyWALL and remote IPSec router should also allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). ZyWALL USG 20/20W User's Guide 119 Under Policy, select LAN1_SUBNET for the... local network and VPN_REMOTE_SUBNET for the VPN Tunnel You configure security policies based on zones. The new VPN connection was assigned to the IPSec_VPN zone. Make sure all firewalls between the ZyWALL and remote IPSec router allow UDP port 4500. By default...
User Guide
Page 135
.... Set the Mapped IP to wan1. Figure 89 Configuration > Network > NAT > Add 7.9.3 Set Up a Firewall Rule For H.323 The default firewall rule for the rule (WAN-LAN_H323 here). Here is how to configure a firewall rule to LAN1 IP address 192.168.1.56. ZyWALL USG 20/20W User's Guide 135 Set... the Incoming Interface to the H.323 device's LAN1 IP address object (LAN_H323). Set the Original IP to the WAN...
.... Set the Mapped IP to wan1. Figure 89 Configuration > Network > NAT > Add 7.9.3 Set Up a Firewall Rule For H.323 The default firewall rule for the rule (WAN-LAN_H323 here). Here is how to configure a firewall rule to LAN1 IP address 192.168.1.56. ZyWALL USG 20/20W User's Guide 135 Set... the Incoming Interface to the H.323 device's LAN1 IP address object (LAN_H323). Set the Original IP to the WAN...
User Guide
Page 138
... firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow users connected to other interfaces to access the HTTP server (see NAT Loopback on page 343 for IP address 1.1.1.1, users can just go to the domain name to access... the HTTP server. Chapter 7 Tutorials • Keep Enable NAT Loopback selected to allow the public to send HTTP traffic to IP address 1.1.1.1 in order to access the web server. 138 ZyWALL USG 20/20W User's Guide If a ...
... firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow users connected to other interfaces to access the HTTP server (see NAT Loopback on page 343 for IP address 1.1.1.1, users can just go to the domain name to access... the HTTP server. Chapter 7 Tutorials • Keep Enable NAT Loopback selected to allow the public to send HTTP traffic to IP address 1.1.1.1 in order to access the web server. 138 ZyWALL USG 20/20W User's Guide If a ...
User Guide
Page 143
ZyWALL USG 20/20W User's Guide 143 If a domain name is registered for IP address 1.1.1.2, users can use it to connect to for SIP The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow the public to send SIP traffic to DMZ Firewall Rule for making SIP calls. • Click OK. Figure 100 Configuration > Network > NAT > Add Chapter 7 Tutorials 7.11.4 Set Up a WAN to the IPPBX.
ZyWALL USG 20/20W User's Guide 143 If a domain name is registered for IP address 1.1.1.2, users can use it to connect to for SIP The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow the public to send SIP traffic to DMZ Firewall Rule for making SIP calls. • Click OK. Figure 100 Configuration > Network > NAT > Add Chapter 7 Tutorials 7.11.4 Set Up a WAN to the IPPBX.
User Guide
Page 144
IPPBX_DMZ is the destination because the ZyWALL applies NAT to allow the IPPBX to send SIP traffic to the IPPBX's DMZ IP address object (DMZ_SIP). Set the Access field to traffic before applying the firewall rule. Set the From field as WAN and the To field as ... > Add 7.11.5 Set Up a DMZ to LAN Firewall Rule for SIP The firewall blocks traffic from the DMZ zone to the LAN zone by default so you need to create a firewall rule to allow and click OK. Set the Destination to the SIP clients on the LAN. 144 ZyWALL USG 20/20W User's Guide
IPPBX_DMZ is the destination because the ZyWALL applies NAT to allow the IPPBX to send SIP traffic to the IPPBX's DMZ IP address object (DMZ_SIP). Set the Access field to traffic before applying the firewall rule. Set the From field as WAN and the To field as ... > Add 7.11.5 Set Up a DMZ to LAN Firewall Rule for SIP The firewall blocks traffic from the DMZ zone to the LAN zone by default so you need to create a firewall rule to allow and click OK. Set the Destination to the SIP clients on the LAN. 144 ZyWALL USG 20/20W User's Guide
User Guide
Page 148
... select WPA2-Enterprise as follows. Set the Authentication Type to DHCP Server. Click OK. 148 ZyWALL USG 20/20W User's Guide A (internal) name for the WLAN interface displays. The ZyWALL can modify it to Auth Method. This determines which security zone you want the WLAN interface ... 7 Tutorials 2 Edit this screen as the Security Type, otherwise select WPA/WPA-2-Enterprise. You can use its default authentication method (the local user database) and its default certificate to . Configure the interface's IP address and set it if you want to authenticate the users.
... select WPA2-Enterprise as follows. Set the Authentication Type to DHCP Server. Click OK. 148 ZyWALL USG 20/20W User's Guide A (internal) name for the WLAN interface displays. The ZyWALL can modify it to Auth Method. This determines which security zone you want the WLAN interface ... 7 Tutorials 2 Edit this screen as the Security Type, otherwise select WPA/WPA-2-Enterprise. You can use its default authentication method (the local user database) and its default certificate to . Configure the interface's IP address and set it if you want to authenticate the users.
User Guide
Page 169
... after firmware update - ZyWALL USG 20/20W User's Guide 169 OK - The ZyWALL successfully applied the system default configuration. System Resources CPU Usage This field displays what percentage of the ZyWALL's recent memory usage. Hover your cursor over this to look at the IP addresses currently assigned to the ZyWALL's DHCP clients and the IP addresses reserved for the...
... after firmware update - ZyWALL USG 20/20W User's Guide 169 OK - The ZyWALL successfully applied the system default configuration. System Resources CPU Usage This field displays what percentage of the ZyWALL's recent memory usage. Hover your cursor over this to look at the IP addresses currently assigned to the ZyWALL's DHCP clients and the IP addresses reserved for the...
User Guide
Page 227
...object for all computers in dot decimal notation. ZyWALL USG 20/20W User's Guide 227 It is External or General. If you may also need to change this interface. This option appears when Interface Properties is not used elsewhere. Use Fixed IP Address IP Address Subnet Mask Gateway You should also change...zones to apply security settings such as the interface. Port This is for the interface. You use this interface to the default WAN trunk. The ZyWALL sends packets to the gateway when it does not know how to route the packet to 11 characters long. Chapter 11 ...
...object for all computers in dot decimal notation. ZyWALL USG 20/20W User's Guide 227 It is External or General. If you may also need to change this interface. This option appears when Interface Properties is not used elsewhere. Use Fixed IP Address IP Address Subnet Mask Gateway You should also change...zones to apply security settings such as the interface. Port This is for the interface. You use this interface to the default WAN trunk. The ZyWALL sends packets to the gateway when it does not know how to route the packet to 11 characters long. Chapter 11 ...
User Guide
Page 228
...IP address for a response before the attempt is still available. Check Period Enter the number of the gateway (if any) on this value is External or General. Allowed values are 576 - 1500. If a larger packet arrives, the ZyWALL divides it is still available. The interface can send through the interface. Check Default... gateways have the same priority, the ZyWALL uses the one that the gateway allows. Select icmp to have the ZyWALL regularly perform a TCP handshake with the gateway you specified to it. 228 ZyWALL USG 20/20W User's Guide The lower the number,...
...IP address for a response before the attempt is still available. Check Period Enter the number of the gateway (if any) on this value is External or General. Allowed values are 576 - 1500. If a larger packet arrives, the ZyWALL divides it is still available. The interface can send through the interface. Check Default... gateways have the same priority, the ZyWALL uses the one that the gateway allows. Select icmp to have the ZyWALL regularly perform a TCP handshake with the gateway you specified to it. 228 ZyWALL USG 20/20W User's Guide The lower the number,...
User Guide
Page 666
This command forces your computer to connect to the ZyWALL using the default IP address of the ZyWALL. Figure 403 SSH Example 2: Log in to the ZyWALL using the OpenSSH client program that comes with most Linux distributions. 1 Test whether the SSH service is 21:6c:07:25:...d1. [email protected]'s password: 3 The CLI screen displays next. 43.9 Telnet You can come. 666 ZyWALL USG 20/20W User's Guide Escape character is the first time you are connecting to the ZyWALL. Type "yes" and press [ENTER]. Then enter the password to save the host information of 192.168.1.1)....
This command forces your computer to connect to the ZyWALL using the default IP address of the ZyWALL. Figure 403 SSH Example 2: Log in to the ZyWALL using the OpenSSH client program that comes with most Linux distributions. 1 Test whether the SSH service is 21:6c:07:25:...d1. [email protected]'s password: 3 The CLI screen displays next. 43.9 Telnet You can come. 666 ZyWALL USG 20/20W User's Guide Escape character is the first time you are connecting to the ZyWALL. Type "yes" and press [ENTER]. Then enter the password to save the host information of 192.168.1.1)....
User Guide
Page 741
... RS-232, DB9F connector 1, 2.0 plug and play See www.zyxel.com for a general overview of the holes are subject to 95% (non-condensing) Mean Time Between Failures: 323,823 hours The ZyWALL has wall-mounting holes on page 37 for the supported 3G cards...228 Default Login Information ATTRIBUTE SPECIFICATION Default IP Address (P2, P3) 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) (P2, P3) Default Password 1234 This table provides hardware specifications. It is not included. A wall-mounting kit is recommended that you do NOT wall-mount the ZyWALL. ZyWALL USG 20/20W ...
... RS-232, DB9F connector 1, 2.0 plug and play See www.zyxel.com for a general overview of the holes are subject to 95% (non-condensing) Mean Time Between Failures: 323,823 hours The ZyWALL has wall-mounting holes on page 37 for the supported 3G cards...228 Default Login Information ATTRIBUTE SPECIFICATION Default IP Address (P2, P3) 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) (P2, P3) Default Password 1234 This table provides hardware specifications. It is not included. A wall-mounting kit is recommended that you do NOT wall-mount the ZyWALL. ZyWALL USG 20/20W ...