User Guide
Page 15
Table of Contents 8.2.3 The Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in this Chapter 177 9.2 The Port ... ...214 Chapter 11 Interfaces ...217 11.1 Interface Overview ...217 11.1.1 What You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
Table of Contents 8.2.3 The Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in this Chapter 177 9.2 The Port ... ...214 Chapter 11 Interfaces ...217 11.1 Interface Overview ...217 11.1.1 What You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
User Guide
Page 18
... in this Chapter 359 20.1.2 What You Need to Know 360 20.2 IP/MAC Binding Summary 360 20.2.1 IP/MAC Binding Edit 361 20.2.2 Static DHCP Edit ...362 20.3 IP/MAC Binding Exempt List 363 Chapter 21 Authentication Policy ...365 21.1 Overview ...365 21.1.1 What You Can Do in this Chapter... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
... in this Chapter 359 20.1.2 What You Need to Know 360 20.2 IP/MAC Binding Summary 360 20.2.1 IP/MAC Binding Edit 361 20.2.2 Static DHCP Edit ...362 20.3 IP/MAC Binding Exempt List 363 Chapter 21 Authentication Policy ...365 21.1 Overview ...365 21.1.1 What You Can Do in this Chapter... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
User Guide
Page 29
...Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. Its flexible configuration helps network administrators set up the network and enforce security policies efficiently. The ZyWALL provides excellent throughput with minimal configuration. 1.2 Wall-mounting Do...3G cellular USB (not included) for a more detailed overview of dual WAN Gigabit Ethernet ports and load balancing. ZyWALL USG 20/20W User's Guide 29 The ZyWALL also provides two separate LAN networks. See Chapter 2 on page 37 for a third WAN connection. It also ...
...Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. Its flexible configuration helps network administrators set up the network and enforce security policies efficiently. The ZyWALL provides excellent throughput with minimal configuration. 1.2 Wall-mounting Do...3G cellular USB (not included) for a more detailed overview of dual WAN Gigabit Ethernet ports and load balancing. ZyWALL USG 20/20W User's Guide 29 The ZyWALL also provides two separate LAN networks. See Chapter 2 on page 37 for a third WAN connection. It also ...
User Guide
Page 37
...Networks (VPN) Use IPSec, SSL to set up and to zones. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. ZyWALL USG 20/20W User's Guide 37 As a result, it is much simpler to provide secure communication between these ports. • One or more of the... between two sites over the Internet or any insecure network that uses TCP/IP for communication. You can create your own custom zones. The ZyWALL also offers hub-and-spoke IPSec VPN. You can add interfaces and VPN tunnels to change security settings in the...
...Networks (VPN) Use IPSec, SSL to set up and to zones. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. ZyWALL USG 20/20W User's Guide 37 As a result, it is much simpler to provide secure communication between these ports. • One or more of the... between two sites over the Internet or any insecure network that uses TCP/IP for communication. You can create your own custom zones. The ZyWALL also offers hub-and-spoke IPSec VPN. You can add interfaces and VPN tunnels to change security settings in the...
User Guide
Page 90
... P2, P3 wan1 lan1 P4 lan2 P5 dmz CONSOLE n/a WAN LAN1 LAN2 DMZ None DHCP clients 192.168.1.1, DHCP server enabled 192.168.2.1, DHCP server enabled 192.168.3.1, DHCP server disabled None Connections to 192.168.1.254 range. 90 ZyWALL USG 20/20W User's Guide The LAN1 zone is a protected zone. Chapter 6 Configuration Basics 6.2.2 Default Interface and...
... P2, P3 wan1 lan1 P4 lan2 P5 dmz CONSOLE n/a WAN LAN1 LAN2 DMZ None DHCP clients 192.168.1.1, DHCP server enabled 192.168.2.1, DHCP server enabled 192.168.3.1, DHCP server disabled None Connections to 192.168.1.254 range. 90 ZyWALL USG 20/20W User's Guide The LAN1 zone is a protected zone. Chapter 6 Configuration Basics 6.2.2 Default Interface and...
User Guide
Page 108
Figure 54 Ethernet Interface, Port Roles, and Zone Configuration Example 7.1.1 Configure a WAN Ethernet Interface You need to it to the LAN zone so all of the LAN zone's security policies apply to assign the ZyWALL's wan1 interface a static IP address of 1.2.3.4. 108 ZyWALL USG 20/20W User's Guide Add it . It uses IP address 192.168.4.1 and has a DHCP server. This dmz interface is used for a protected local network. Chapter 7 Tutorials • Convert P5 (lan2) into a dmz interface.
Figure 54 Ethernet Interface, Port Roles, and Zone Configuration Example 7.1.1 Configure a WAN Ethernet Interface You need to it to the LAN zone so all of the LAN zone's security policies apply to assign the ZyWALL's wan1 interface a static IP address of 1.2.3.4. 108 ZyWALL USG 20/20W User's Guide Add it . It uses IP address 192.168.4.1 and has a DHCP server. This dmz interface is used for a protected local network. Chapter 7 Tutorials • Convert P5 (lan2) into a dmz interface.
User Guide
Page 109
...to convert port P5 from the lan2 interface and add it to set the dmz interface (created in the previous section) for a separate local network. ZyWALL USG 20/20W User's Guide 109 Figure 55 Configuration > Network > Interface > Ethernet > Edit wan1 7.1.2 Configure Port Roles Here is how to the dmz interface.... select the dmz (DMZ) radio button and click Apply. It uses 192.168.4.1 as its IP address and has a DHCP server to distribute IP addresses to connected DHCP clients. Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK. ...
...to convert port P5 from the lan2 interface and add it to set the dmz interface (created in the previous section) for a separate local network. ZyWALL USG 20/20W User's Guide 109 Figure 55 Configuration > Network > Interface > Ethernet > Edit wan1 7.1.2 Configure Port Roles Here is how to the dmz interface.... select the dmz (DMZ) radio button and click Apply. It uses 192.168.4.1 as its IP address and has a DHCP server to distribute IP addresses to connected DHCP clients. Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK. ...
User Guide
Page 110
Figure 57 Configuration > Network > Interface > Ethernet > Edit lan2 7.1.4 Configure Zones Do the following to 255.255.255.0. The Interface Type should be internal. Set the IP Address to 192.168.4.1 and the Subnet Mask to create a VPN zone. 1 Click Configuration > Network > Zone and then the Add icon. 110 ZyWALL USG 20/20W User's Guide Set DHCP to DHCP Server and click OK. Chapter 7 Tutorials 1 Click Configuration > Network > Interface > Ethernet and double-click the lan2 interface's entry.
Figure 57 Configuration > Network > Interface > Ethernet > Edit lan2 7.1.4 Configure Zones Do the following to 255.255.255.0. The Interface Type should be internal. Set the IP Address to 192.168.4.1 and the Subnet Mask to create a VPN zone. 1 Click Configuration > Network > Zone and then the Add icon. 110 ZyWALL USG 20/20W User's Guide Set DHCP to DHCP Server and click OK. Chapter 7 Tutorials 1 Click Configuration > Network > Interface > Ethernet and double-click the lan2 interface's entry.
User Guide
Page 148
... security settings the ZyWALL applies to DHCP Server. Configure the SSID (ZYXEL_WPA in this example). The ZyWALL can modify it to the WLAN interface. You can use its default authentication method (the local user database) and its default certificate to Auth Method. The ZyWALL's security settings are... configured by zones. If all of your wireless clients support WPA2, select WPA2-Enterprise as follows. Click OK. 148 ZyWALL USG 20/20W User's Guide This determines which security zone you want the WLAN interface to . Set the Authentication Type to authenticate the users...
... security settings the ZyWALL applies to DHCP Server. Configure the SSID (ZYXEL_WPA in this example). The ZyWALL can modify it to the WLAN interface. You can use its default authentication method (the local user database) and its default certificate to Auth Method. The ZyWALL's security settings are... configured by zones. If all of your wireless clients support WPA2, select WPA2-Enterprise as follows. Click OK. 148 ZyWALL USG 20/20W User's Guide This determines which security zone you want the WLAN interface to . Set the Authentication Type to authenticate the users...
User Guide
Page 165
... service status, and ZyWALL USG 20/20W User's Guide 165 You can also display other status screens for more information. • Use the VPN status screen (see Section 8.2.1 on page 171) to look at the VPN tunnels that are currently established. • Use the DHCP Table screen (see ... see Section 8.2 on page 174) to look at the IP addresses currently assigned to DHCP clients and the IP addresses reserved for the following. • Use the main Dashboard screen (see the ZyWALL's general device information, system status, system resource usage, licensed service status, and interface status...
... service status, and ZyWALL USG 20/20W User's Guide 165 You can also display other status screens for more information. • Use the VPN status screen (see Section 8.2.1 on page 171) to look at the VPN tunnels that are currently established. • Use the DHCP Table screen (see ... see Section 8.2 on page 174) to look at the IP addresses currently assigned to DHCP clients and the IP addresses reserved for the following. • Use the main Dashboard screen (see the ZyWALL's general device information, system status, system resource usage, licensed service status, and interface status...
User Guide
Page 169
...the Show Active Sessions icon to the ZyWALL's DHCP clients and the IP addresses reserved for the first time or you intentionally reset the ZyWALL to the Login Users ZyWALL. Chapter 8 Dashboard Table 19 Dashboard (continued) LABEL DESCRIPTION DHCP Table Click this to look at ...-open on page 175. See Section 8.2.6 on the ZyWALL. System default configuration - Hover your cursor over this field to see details about the ZyWALL's startup state. The ZyWALL started up successfully. The ZyWALL was successful. ZyWALL USG 20/20W User's Guide 169 See Section 8.2.5 on page 539...
...the Show Active Sessions icon to the ZyWALL's DHCP clients and the IP addresses reserved for the first time or you intentionally reset the ZyWALL to the Login Users ZyWALL. Chapter 8 Dashboard Table 19 Dashboard (continued) LABEL DESCRIPTION DHCP Table Click this to look at ...-open on page 175. See Section 8.2.6 on the ZyWALL. System default configuration - Hover your cursor over this field to see details about the ZyWALL's startup state. The ZyWALL started up successfully. The ZyWALL was successful. ZyWALL USG 20/20W User's Guide 169 See Section 8.2.5 on page 539...
User Guide
Page 170
..., see Section 9.11 on what type of an active virtual router, this field displays n/a. This identifies the licensed service. 170 ZyWALL USG 20/20W User's Guide Chapter 8 Dashboard Table 19 Dashboard (continued) LABEL DESCRIPTION Interface Status Summary # Name Status If an Ethernet interface does not..., this field displays the IP address it is . This section of the screen displays the status of the device connected to a DHCP server. This shows how many interfaces there are . Click the Connect icon to have any physical ports associated with it is a backup...
..., see Section 9.11 on what type of an active virtual router, this field displays n/a. This identifies the licensed service. 170 ZyWALL USG 20/20W User's Guide Chapter 8 Dashboard Table 19 Dashboard (continued) LABEL DESCRIPTION Interface Status Summary # Name Status If an Ethernet interface does not..., this field displays the IP address it is . This section of the screen displays the status of the device connected to a DHCP server. This shows how many interfaces there are . Click the Connect icon to have any physical ports associated with it is a backup...
User Guide
Page 174
... addresses currently assigned to be updated automatically. Encapsulation This field displays how the IPSec SA is not associated with a specific SA. Figure 133 Dashboard > DHCP Table 174 ZyWALL USG 20/20W User's Guide Table 23 Dashboard > VPN Status LABEL DESCRIPTION # This field is a sequential value, and it is encapsulated. To access this screen to...
... addresses currently assigned to be updated automatically. Encapsulation This field displays how the IPSec SA is not associated with a specific SA. Figure 133 Dashboard > DHCP Table 174 ZyWALL USG 20/20W User's Guide Table 23 Dashboard > VPN Status LABEL DESCRIPTION # This field is a sequential value, and it is encapsulated. To access this screen to...
User Guide
Page 175
... shows here. To create a static DHCP entry using an existing dynamic DHCP entry, select this screen. This field identifies the interface that assigned an IP address to identify this screen, click the dashboard's Number of Login Users ZyWALL USG 20/20W User's Guide 175 To access this... device on the network (the computer name). Click the column's heading cell to a DHCP client or reserved for dynamic DHCP entries. This field displays the IP address currently assigned...
... shows here. To create a static DHCP entry using an existing dynamic DHCP entry, select this screen. This field identifies the interface that assigned an IP address to identify this screen, click the dashboard's Number of Login Users ZyWALL USG 20/20W User's Guide 175 To access this... device on the network (the computer name). Click the column's heading cell to a DHCP client or reserved for dynamic DHCP entries. This field displays the IP address currently assigned...
User Guide
Page 182
...This field displays the current IP address and subnet mask assigned to which services the interface provides to the network. 182 ZyWALL USG 20/20W User's Guide IP Assignment Services If this interface is a member of interface it or the Ethernet interface is disabled. Static... - Zone IP Addr/ Netmask For WLAN interfaces: Up - The Ethernet interface is a backup). The PPP interface is assigned. Examples include DHCP relay, DHCP server, DDNS, RIP, and OSPF. Chapter 9 Monitor Table 28 Monitor > System Status > Interface Status (continued) LABEL DESCRIPTION Port Status ...
...This field displays the current IP address and subnet mask assigned to which services the interface provides to the network. 182 ZyWALL USG 20/20W User's Guide IP Assignment Services If this interface is a member of interface it or the Ethernet interface is disabled. Static... - Zone IP Addr/ Netmask For WLAN interfaces: Up - The Ethernet interface is a backup). The PPP interface is assigned. Examples include DHCP relay, DHCP server, DDNS, RIP, and OSPF. Chapter 9 Monitor Table 28 Monitor > System Status > Interface Status (continued) LABEL DESCRIPTION Port Status ...
User Guide
Page 183
... to get or to connect a PPPoE/PPTP interface. This count may not be accurate in the screen. If the interface cannot use one ZyWALL USG 20/20W User's Guide 183 RxPkts This field displays the number of traffic on the interface since it was last connected. Please see Table 29 on... the PPP interface is not connected. Speed / Duplex - The interface is a Expand icon (plus-sign) next to the name, click this button to a DHCP server. Refresh Click this to and from the ZyWALL on top of this field displays n/a. If there is connected. Click Renew to send a new...
... to get or to connect a PPPoE/PPTP interface. This count may not be accurate in the screen. If the interface cannot use one ZyWALL USG 20/20W User's Guide 183 RxPkts This field displays the number of traffic on the interface since it was last connected. Please see Table 29 on... the PPP interface is not connected. Speed / Duplex - The interface is a Expand icon (plus-sign) next to the name, click this button to a DHCP server. Refresh Click this to and from the ZyWALL on top of this field displays n/a. If there is connected. Click Renew to send a new...
User Guide
Page 190
... Status > IP/MAC Binding LABEL DESCRIPTION Interface Select a ZyWALL interface that has IP/MAC binding enabled to show to a device. The ZyWALL learns these from the DHCP client requests. To access this screen. Devices that the ZyWALL assigned to which the IP address is when the device last...This is currently assigned. IP Address This is the index number of the users currently logged into the ZyWALL. Figure 142 Monitor > System Status > Login Users 190 ZyWALL USG 20/20W User's Guide Refresh Click this button to update the information in the screen. 9.8 The Login Users...
... Status > IP/MAC Binding LABEL DESCRIPTION Interface Select a ZyWALL interface that has IP/MAC binding enabled to show to a device. The ZyWALL learns these from the DHCP client requests. To access this screen. Devices that the ZyWALL assigned to which the IP address is when the device last...This is currently assigned. IP Address This is the index number of the users currently logged into the ZyWALL. Figure 142 Monitor > System Status > Login Users 190 ZyWALL USG 20/20W User's Guide Refresh Click this button to update the information in the screen. 9.8 The Login Users...
User Guide
Page 219
...--have a lot of Interfaces INTERFACE REQUIRED PORT / INTERFACE port group Ethernet interface physical port physical port VLAN interface port group Ethernet interface ZyWALL USG 20/20W User's Guide 219 You cannot specify the number after the colon if you enter in the following table. Table 47 Ethernet, PPP, ... Bandwidth Yes Yes Yes Yes Yes Yes Yes restrictions Packet size (MTU) Yes Yes Yes Yes Yes Yes No DHCP DHCP server No Yes No No Yes Yes No DHCP relay No Yes No No Yes Yes No Connectivity Check Yes No Yes No Yes Yes No - * The...
...--have a lot of Interfaces INTERFACE REQUIRED PORT / INTERFACE port group Ethernet interface physical port physical port VLAN interface port group Ethernet interface ZyWALL USG 20/20W User's Guide 219 You cannot specify the number after the colon if you enter in the following table. Table 47 Ethernet, PPP, ... Bandwidth Yes Yes Yes Yes Yes Yes Yes restrictions Packet size (MTU) Yes Yes Yes Yes Yes Yes No DHCP DHCP server No Yes No No Yes Yes No DHCP relay No Yes No No Yes Yes No Connectivity Check Yes No Yes No Yes Yes No - * The...
User Guide
Page 222
...assigned to other routers and how much information is effectively removed from the ZyWALL, but you can still configure it. Figure 158 Configuration > Network > Interface > Ethernet (USG 20W) 222 ZyWALL USG 20/20W User's Guide However, the routers also generate more efficient the routers ...should be. They have any of bandwidth and packet size. They can provide DHCP services, and they can you cannot create new...
...assigned to other routers and how much information is effectively removed from the ZyWALL, but you can still configure it. Figure 158 Configuration > Network > Interface > Ethernet (USG 20W) 222 ZyWALL USG 20/20W User's Guide However, the routers also generate more efficient the routers ...should be. They have any of bandwidth and packet size. They can provide DHCP services, and they can you cannot create new...
User Guide
Page 223
...Section 11.3 on an interface's IP address, subnet, or gateway, the ZyWALL automatically updates every rule or setting that shows which settings use Ethernet interfaces to remove it and click Remove. ZyWALL USG 20/20W User's Guide 223 To turn off an interface, select it and click... Edit to open a screen where you configure IP address assignment, interface parameters, RIP settings, OSPF settings, DHCP settings, connectivity check, and MAC address ...
...Section 11.3 on an interface's IP address, subnet, or gateway, the ZyWALL automatically updates every rule or setting that shows which settings use Ethernet interfaces to remove it and click Remove. ZyWALL USG 20/20W User's Guide 223 To turn off an interface, select it and click... Edit to open a screen where you configure IP address assignment, interface parameters, RIP settings, OSPF settings, DHCP settings, connectivity check, and MAC address ...