User Guide
Page 29
... reliable, secure service. In addition, the ZyWALL provides excellent throughput, making it an ideal solution for a third WAN connection. See Chapter 2 on page 37 for connecting publicly accessible servers. ZyWALL USG 20/20W User's Guide 29 CHAPTER 1 Introducing the ZyWALL This chapter gives an overview of the ZyWALL's features. The ZyWALL also provides two separate LAN networks. The...
User Guide
Page 82
Phase 1 Settings There are two phases to use on DES 82 ZyWALL USG 20/20W User's Guide A phase 1 exchange establishes an IKE SA (Security Association). Figure 45 VPN Advanced Wizard: Phase 1 Settings • Secure Gateway: If Any displays in user) ... more incoming connections from the drop-down list box to every IKE (Internet Key Exchange) negotiation - The DES encryption algorithm uses a 56-bit key. This ZyWALL is the client (dial-in this field is a variation on your ZyWALL. • Negotiation Mode: Select Main for the chosen scenario. Choose this may affect...
User Guide
Page 83
...Advanced Wizard: Step 4 ZyWALL USG 20/20W User's Guide 83 Chapter 5 Quick Setup that was established in phase 1 to negotiate SAs for IPSec. The SHA1 algorithm is generally considered stronger than DH1 or DH2 (although it may affect throughput). If it does not respond, the ZyWALL shuts down the IKE SA.... • Authentication Method: Select Pre-Shared Key to use a password or Certificate to the remote IPSec device. If it responds, the ZyWALL transmits the data. If there has...
User Guide
Page 84
...; Encapsulation: Tunnel is compatible with NAT, Transport is generally considered stronger than DH1 or DH2 (although it may affect throughput). The SHA1 algorithm is not. • Encryption Algorithm: 3DES and AES use encryption. This must match the remote IP...ZyWALL automatically renegotiate the IPSec SA when the SA life time expires. 84 ZyWALL USG 20/20W User's Guide DH2 refers to authenticate packet data. The longer the AES key, the higher the security (this to -site and remote access client role scenarios. SHA-1 gives higher security. Select this may affect throughput...
User Guide
Page 113
...out through the remaining WAN connections. As these connections have different bandwidth, use the Trunk screens to the system default WAN trunk. ZyWALL USG 20/20W User's Guide 113 You only have to change many of the WAN interfaces and configure the WAN_TRUNK trunk's load balancing settings. ...tune the load balancing configuration, see Chapter 12 on how much traffic the ZyWALL tries to enhance overall network throughput. Plus, if a WAN connection goes down, the ZyWALL still sends traffic through each of the ZyWALL's settings from the defaults to set a limit on page 289. If the...
User Guide
Page 221
... dmz IP address. 2 Use the appropriate lan1, lan2 or dmz IP address to use the ZyWALL's lan1 IP address and MAC address. The port will use each belongs. ZyWALL USG 20/20W User's Guide 221 This provides wire-speed throughput but no security. • It can increase the bandwidth between physical ports in the same...
User Guide
Page 251
... Object References to open a screen where you want to create a new WLAN interface. This may make data transfer more prone to increase data throughput. This field is a sequential value, and it is selected as the 802.11 Band. This is busy and congested. Check this traffic....that shows which multiple frames can modify the entry's settings. See Section 11.3.2 on the packet's IEEE 802.1q or DSCP header. ZyWALL USG 20/20W User's Guide 251 This function allows faster data transfer rates. To remove an entry, select it and click Activate. This field displays ...
User Guide
Page 289
... on page 293) to configure which interfaces belong to passive. You can use policy routes and trunks to increase overall network throughput and reliability. ZyWALL USG 20/20W User's Guide 289 You could set to each trunk and the load balancing algorithm each trunk uses. • Use the Trunk... Edit screen (Section 12.3 on page 292) to Australia. This allows you to improve quality of the ZyWALL's interfaces is connected to...
User Guide
Page 290
... for that type of traffic. • If that interface's connection goes down, the ZyWALL can still send its traffic through each trunk member interface as the measured outbound throughput over the available outbound bandwidth. In the load balancing section, a session may refer to...connections share the traffic load. • If one WAN interface's connection goes down, the ZyWALL sends traffic through another interface. • You can define multiple trunks for a session2. ZyWALL USG 20/20W User's Guide Weighted Round Robin The Weighted Round Robin (WRR) algorithm is currently using....
User Guide
Page 313
...OSPF, for background information on the RIP and OSPF screens. OSPF RIP Network Size Small (with up to make routing decisions. In turn, the ZyWALL can also use RIP to receive and/or send routing information. • Use the OSPF screen (see Section 14.3 on page 315) to ....1.1 What You Can Do in the routing table it uses to 15 routers) Metric Hop count Convergence Slow OSPF Large Bandwidth, hop count, throughput, round trip time and reliability. ZyWALL USG 20/20W User's Guide 313 CHAPTER 14 Routing Protocols 14.1 Routing Protocols Overview Routing protocols give the...
User Guide
Page 316
... stub area has routing information about the OSPF AS. A normal area has routing information about any networks outside the OSPF AS. 316 ZyWALL USG 20/20W User's Guide Naturally, OSPF is also more areas. It does not have any routing information about the OSPF AS and networks outside the...has routing information about other networks outside the OSPF AS that routes packets between other areas are several factors, including bandwidth, hop count, throughput, round trip time, and reliability, when it is directly connected. In OSPF, this number may be set up to use available ...
User Guide
Page 400
...at least one proposal that uses use to authenticate packet data in the IPSec SA. a 168-bit key with the AES encryption algorithm The ZyWALL and the remote IPSec router must use a 1536-bit random number Related Settings Add this VPN connection to IPSec_VPN zone. a 256-bit ...which Diffie-Hellman key group to use in increased latency and decreased throughput. Authentication Longer keys are : none - enable PFS and use a 1024-bit random number DH5 - Select this to turn on the VPN connection check. 400 ZyWALL USG 20/20W User's Guide This field is a sequential value, and it is ...
User Guide
Page 404
... remote IPSec router. Active Protocol Select which type of the remote IPSec router in increased latency and decreased throughput. If you select AH, you select Transport mode, the ZyWALL automatically switches to Tunnel mode if the IPSec SA is not used for communication between 256 and 4095. ESP (RFC ... Tunnel - a 168-bit key with the DES encryption algorithm 3DES - Select which hash algorithm to use to use the same algorithm. 404 ZyWALL USG 20/20W User's Guide a 56-bit key with the DES encryption algorithm AES128 - Select which key size and encryption algorithm to identify the...
User Guide
Page 413
...key size and encryption algorithm to delete it is not associated with the AES encryption algorithm Authentication The ZyWALL and the remote IPSec router must use the same DH key group. Key Group The remote IPSec ... SA. SHA1 is also slower. use to establish the IKE SA Aggressive - use for encryption keys. ZyWALL USG 20/20W User's Guide 413 Select an entry and click this to modify it is generally considered stronger than MD5...(DHx) you want to authenticate packet data in increased latency and decreased throughput. Both routers must use to use a 1024-bit random number DH5 -
User Guide
Page 672
...to configure your ZyWALL's SNMP settings, click Configuration > System > SNMP tab. The ZyWALL also supports private MIBs (zywall.mib and zyxel-zywall-ZLDCommon.mib) to... let administrators collect statistical data and monitor status and performance. This trap is defined in RFC-1213 and RFC-1215. You can download the ZyWALL's MIBs from non-authenticated hosts. 43.11.3 Configuring SNMP To change your SNMP 672 ZyWALL USG 20/20W...ZyWALL supports MIB II that is sent when an SNMP request comes from www.zyxel.com. 43.11.2 SNMP Traps The ZyWALL...
User Guide
Page 679
ZyWALL USG 20/20W User's Guide 679 Note: Data collection may decrease the ZyWALL's traffic throughput rate. CHAPTER 44 Log and Report 44.1 Overview Use these screens to configure daily reporting and log settings. 44.1.1 What You Can Do In this .... 44.2 Email Daily Report Use the Email Daily Report screen to start or stop data collection and view various statistics about traffic passing through your ZyWALL.
User Guide
Page 710
...capture settings. The total number of captured packets. Click this screen. Figure 430 Maintenance > Diagnostics > Packet Capture > Files 710 ZyWALL USG 20/20W User's Guide Chapter 46 Diagnostics Table 221 Maintenance > Diagnostics > Packet Capture (continued) LABEL DESCRIPTION Number Of Bytes To Capture (Per... Files to stop a currently running packet capture and generate a separate capture file for each selected interface. The ZyWALL's throughput or performance may be affected while a packet capture is full, adding more packet captures will fail. Stop Reset After the...
User Guide
Page 737
... shell script, use multiple write commands in a long script. Data collection may decrease the ZyWALL's traffic throughput rate. See Chapter 45 on page 693 for uploading firmware. Make sure the logo file is to recover the firmware. ZyWALL USG 20/20W User's Guide 737 I started collecting traffic statistics. Chapter 50 Troubleshooting I uploaded a logo to use...
User Guide
Page 807
...All IEEE 802.11 compliant wireless adapters support long preamble, but not all wireless devices on the network support it , otherwise the ZyWALL uses long preamble. Use long preamble if you set a smaller threshold for sending data. Preamble Type Preamble is used to signal ...could negatively affect the throughput performance instead of the synchronization field in busy wireless networks. If the Fragmentation Threshold value is the maximum data fragment size (between 256 and 2432 bytes) that data is fully compatible with an IEEE 802.11g access point ZyWALL USG 20/20W User's Guide 807...
User Guide
Page 956
... port triggering 731 PPP 729 RADIUS server 735 routing 731 schedules 735 security settings 728 shell scripts 737 SNAT 731 SSL 734 SSL VPN 734 throughput rate 737 VLAN 730 VPN 734 WLAN 730 truncated-address-header attack 485 truncated-header attack 485, 486 truncated-options attack 485 truncated-timestamp-header... prerequisites 96 see also load balancing 289 tutorial 113 where used 96 Trusted Certificates, see also certificates 603 TTCP-detected attack 485 tunnel encapsulation 399 ZyWALL USG 20/20W User's Guide