User Guide
Page 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...107 Technical Reference ...163 Dashboard ...165 Monitor ...177 Registration... VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W ...
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...107 Technical Reference ...163 Dashboard ...165 Monitor ...177 Registration... VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W ...
User Guide
Page 11
... the ZyWALL 34 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User...
... the ZyWALL 34 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User...
User Guide
Page 12
... 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide Finish 65 4.2 Device Registration ...65 Chapter 5 Quick Setup ...69 5.1 Quick Setup Overview ...69 5.2 WAN Interface Quick Setup 70 5.2.1 Choose an Ethernet Interface 70 5.2.2 Select WAN Type ...70 5.2.3 Configure WAN Settings 71 5.2.4 WAN and ISP Connection Settings 72 5.2.5 Quick Setup Interface Wizard: Summary 74 5.3 VPN Quick...
... 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide Finish 65 4.2 Device Registration ...65 Chapter 5 Quick Setup ...69 5.1 Quick Setup Overview ...69 5.2 WAN Interface Quick Setup 70 5.2.1 Choose an Ethernet Interface 70 5.2.2 Select WAN Type ...70 5.2.3 Configure WAN Settings 71 5.2.4 WAN and ISP Connection Settings 72 5.2.5 Quick Setup Interface Wizard: Summary 74 5.3 VPN Quick...
User Guide
Page 13
... 7.1.4 Configure Zones ...110 7.2 How to Configure a Cellular Interface 111 7.3 How to Configure Load Balancing 113 7.3.1 Set Up Available Bandwidth on Ethernet Interfaces 113 7.3.2 Configure the WAN Trunk 114 7.4 How to Set Up an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User...
... 7.1.4 Configure Zones ...110 7.2 How to Configure a Cellular Interface 111 7.3 How to Configure Load Balancing 113 7.3.1 Set Up Available Bandwidth on Ethernet Interfaces 113 7.3.2 Configure the WAN Trunk 114 7.4 How to Set Up an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User...
User Guide
Page 18
... 22.1.3 Firewall Rule Example Applications 376 22.1.4 Firewall Rule Configuration Example 379 22.2 The Firewall Screen ...381 22.2.1 Configuring the Firewall Screen 382 22.2.2 The Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
... 22.1.3 Firewall Rule Example Applications 376 22.1.4 Firewall Rule Configuration Example 379 22.2 The Firewall Screen ...381 22.2.1 Configuring the Firewall Screen 382 22.2.2 The Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
User Guide
Page 29
...ZyWALL USG 20/20W User's Guide 29 It explains the front panel ports, LEDs, introduces the management methods, and lists different ways to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. The ZyWALL provides excellent throughput with minimal configuration... ZyWALL to attach your company. The ZyWALL's security features include VPN, firewall, content filtering, ADP (Anomaly Detection and Protection), and certificates. CHAPTER 1 Introducing the ZyWALL This chapter gives an overview of the ZyWALL's features. In addition, the ZyWALL ...
...ZyWALL USG 20/20W User's Guide 29 It explains the front panel ports, LEDs, introduces the management methods, and lists different ways to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. The ZyWALL provides excellent throughput with minimal configuration... ZyWALL to attach your company. The ZyWALL's security features include VPN, firewall, content filtering, ADP (Anomaly Detection and Protection), and certificates. CHAPTER 1 Introducing the ZyWALL This chapter gives an overview of the ZyWALL's features. In addition, the ZyWALL ...
User Guide
Page 37
... of the following: • Multiple WAN ports and configure load balancing between two sites over the Internet or any insecure network that uses TCP/IP for communication. ZyWALL USG 20/20W User's Guide 37 The ZyWALL also offers hub-and-spoke IPSec VPN. You can add interfaces and VPN tunnels to provide secure communication between these ports...
... of the following: • Multiple WAN ports and configure load balancing between two sites over the Internet or any insecure network that uses TCP/IP for communication. ZyWALL USG 20/20W User's Guide 37 The ZyWALL also offers hub-and-spoke IPSec VPN. You can add interfaces and VPN tunnels to provide secure communication between these ports...
User Guide
Page 39
... 107 for your network. ZyWALL USG 20/20W User's Guide 39 Chapter 2 Features and Applications 2.2 Applications These are some example applications for configuration tutorial examples. 2.2.1 VPN Connectivity Set up additional connections to the Internet to your ZyWALL. You can configure the ZyWALL to provide SSL VPN network access to remote users. Figure 3 Applications: VPN Connectivity 2.2.2 SSL VPN Network Access You can...
... 107 for your network. ZyWALL USG 20/20W User's Guide 39 Chapter 2 Features and Applications 2.2 Applications These are some example applications for configuration tutorial examples. 2.2.1 VPN Connectivity Set up additional connections to the Internet to your ZyWALL. You can configure the ZyWALL to provide SSL VPN network access to remote users. Figure 3 Applications: VPN Connectivity 2.2.2 SSL VPN Network Access You can...
User Guide
Page 48
... licensed services. 48 ZyWALL USG 20/20W User's Guide DDNS Status Displays the status of all current sessions. Login Users Lists the users currently logged into the VPN SSL client portal. Licensing Registration Registration Register the device and activate trial services. Log Lists log entries. 3.3.2.3 Configuration Menu Use the configuration menu screens to configure the ZyWALL's features. Cellular...
... licensed services. 48 ZyWALL USG 20/20W User's Guide DDNS Status Displays the status of all current sessions. Login Users Lists the users currently logged into the VPN SSL client portal. Licensing Registration Registration Register the device and activate trial services. Log Lists log entries. 3.3.2.3 Configuration Menu Use the configuration menu screens to configure the ZyWALL's features. Cellular...
User Guide
Page 49
...-level RIP settings. NAT Set up and manage HTTP redirection rules. Exempt List Configure ranges of interfaces) for load balancing and link High Availability (HA). VPN IPSec VPN VPN Connection Configure IPSec tunnels. ZyWALL USG 20/20W User's Guide 49 Chapter 3 Web Configurator Table 7 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION Interface Port Role Use this screen...
...-level RIP settings. NAT Set up and manage HTTP redirection rules. Exempt List Configure ranges of interfaces) for load balancing and link High Availability (HA). VPN IPSec VPN VPN Connection Configure IPSec tunnels. ZyWALL USG 20/20W User's Guide 49 Chapter 3 Web Configurator Table 7 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION Interface Port Role Use this screen...
User Guide
Page 61
...not want to configure DNS servers. 4.1.3 Internet Access: PPPoE Note: Enter the Internet access information exactly as the IP Address Assignment in the previous screen. PPPoE uses a service name to 64 characters long. • Authentication Type - Options are: ZyWALL USG 20/20W User's Guide... 61 Chapter 4 Installation Setup Wizard • IP Address: Enter your service provider. Select an authentication protocol for VPN, DDNS and the time server. You can use alphanumeric and _@$./ ...
...not want to configure DNS servers. 4.1.3 Internet Access: PPPoE Note: Enter the Internet access information exactly as the IP Address Assignment in the previous screen. PPPoE uses a service name to 64 characters long. • Authentication Type - Options are: ZyWALL USG 20/20W User's Guide... 61 Chapter 4 Installation Setup Wizard • IP Address: Enter your service provider. Select an authentication protocol for VPN, DDNS and the time server. You can use alphanumeric and _@$./ ...
User Guide
Page 62
... Select Nailed-Up if you selected static IP address assignment. The DNS server is extremely important because without it . 62 ZyWALL USG 20/20W User's Guide If you do not configure a DNS server, you must know the IP address of the interface that will belong. • IP Address: Enter your... 4 Installation Setup Wizard • CHAP/PAP - Your ZyWALL accepts MSCHAP-V2 only. • Type the User Name given to resolve domain names for VPN, DDNS and the time server. The Domain Name System (DNS) maps a domain name to configure DNS servers. You can be up to time out. Leave...
... Select Nailed-Up if you selected static IP address assignment. The DNS server is extremely important because without it . 62 ZyWALL USG 20/20W User's Guide If you do not configure a DNS server, you must know the IP address of the interface that will belong. • IP Address: Enter your... 4 Installation Setup Wizard • CHAP/PAP - Your ZyWALL accepts MSCHAP-V2 only. • Type the User Name given to resolve domain names for VPN, DDNS and the time server. The Domain Name System (DNS) maps a domain name to configure DNS servers. You can be up to time out. Leave...
User Guide
Page 64
...Second DNS Server: These fields display if you do not want the connection to configure DNS servers. 64 ZyWALL USG 20/20W User's Guide The Domain Name System (DNS) maps a domain name to resolve domain names for VPN, DDNS and the time server. The DNS server is the connection type on ...the requirements of your ISP (if given). • Server IP: Type the IP address of a computer before the router automatically disconnects from the PPTP server. 4.1.5.1 PPTP Configuration • Base ...
...Second DNS Server: These fields display if you do not want the connection to configure DNS servers. 64 ZyWALL USG 20/20W User's Guide The Domain Name System (DNS) maps a domain name to resolve domain names for VPN, DDNS and the time server. The DNS server is the connection type on ...the requirements of your ISP (if given). • Server IP: Type the IP address of a computer before the router automatically disconnects from the PPTP server. 4.1.5.1 PPTP Configuration • Base ...
User Guide
Page 69
...ZyWALL USG 20/20W User's Guide 69 In the Web Configurator, click Configuration > Quick Setup to open a wizard to set up a WAN (Internet) connection. See Section 5.4 on page 70. • VPN SETUP Use VPN SETUP to configure a VPN (Virtual Private Network) tunnel for background information. This wizard creates matching ISP account settings in the Web Configurator.... This chapter provides information on configuring the quick setup screens in the ZyWALL if you configure Internet and VPN connection settings. See the feature-specific ...
...ZyWALL USG 20/20W User's Guide 69 In the Web Configurator, click Configuration > Quick Setup to open a wizard to set up a WAN (Internet) connection. See Section 5.4 on page 70. • VPN SETUP Use VPN SETUP to configure a VPN (Virtual Private Network) tunnel for background information. This wizard creates matching ISP account settings in the Web Configurator.... This chapter provides information on configuring the quick setup screens in the ZyWALL if you configure Internet and VPN connection settings. See the feature-specific ...
User Guide
Page 74
...: Summary WAN LABEL DESCRIPTION Encapsulation This displays what encapsulation this screen. It displays the PPPoE service name specified in the order you do not configure a DNS server, you can access it . Chapter 5 Quick Setup Table 11 WAN and ISP Connection Settings (continued) LABEL DESCRIPTION First DNS...to resolve domain names for VPN, DDNS and the time server. Service Name This field is extremely important because without it, you must know the IP address of a computer before you must know the IP address of the PPTP server. 74 ZyWALL USG 20/20W User's Guide The DNS ...
...: Summary WAN LABEL DESCRIPTION Encapsulation This displays what encapsulation this screen. It displays the PPPoE service name specified in the order you do not configure a DNS server, you can access it . Chapter 5 Quick Setup Table 11 WAN and ISP Connection Settings (continued) LABEL DESCRIPTION First DNS...to resolve domain names for VPN, DDNS and the time server. Service Name This field is extremely important because without it, you must know the IP address of a computer before you must know the IP address of the PPTP server. 74 ZyWALL USG 20/20W User's Guide The DNS ...
User Guide
Page 75
...the WAN IP address is Static, these fields display the DNS server IP address(es). The VPN wizard creates corresponding VPN connection and VPN gateway settings and address objects that you configure to which security zone this interface and Internet connection will not time out. If No displays... ISP. Figure 38 VPN Quick Setup Wizard ZyWALL USG 20/20W User's Guide 75 This is the user name given to open the VPN Setup Wizard Welcome screen. Second DNS Server Close Click Close to exit the wizard. 5.3 VPN Quick Setup Click VPN Setup in configuring more VPN connections or other features...
...the WAN IP address is Static, these fields display the DNS server IP address(es). The VPN wizard creates corresponding VPN connection and VPN gateway settings and address objects that you configure to which security zone this interface and Internet connection will not time out. If No displays... ISP. Figure 38 VPN Quick Setup Wizard ZyWALL USG 20/20W User's Guide 75 This is the user name given to open the VPN Setup Wizard Welcome screen. Second DNS Server Close Click Close to exit the wizard. 5.3 VPN Quick Setup Click VPN Setup in configuring more VPN connections or other features...
User Guide
Page 116
Chapter 7 Tutorials 3 Select the trunk as the default trunk and click Apply. Figure 65 Configuration > Network > Interface > Trunk 7.4 How to Set Up an IPSec VPN Tunnel This example shows how to use the IPSec VPN configuration screens to create the following VPN tunnel, see Section 5.4 on page 76 for details on the VPN quick setup wizard. Figure 66 VPN Example LAN LAN 116 1.2.3.4 192.168.1.0/24 2.2.2.2 172.16.1.0/24 ZyWALL USG 20/20W User's Guide
Chapter 7 Tutorials 3 Select the trunk as the default trunk and click Apply. Figure 65 Configuration > Network > Interface > Trunk 7.4 How to Set Up an IPSec VPN Tunnel This example shows how to use the IPSec VPN configuration screens to create the following VPN tunnel, see Section 5.4 on page 76 for details on the VPN quick setup wizard. Figure 66 VPN Example LAN LAN 116 1.2.3.4 192.168.1.0/24 2.2.2.2 172.16.1.0/24 ZyWALL USG 20/20W User's Guide
User Guide
Page 615
...click the links or follow the steps in this Chapter • Use the SSL Application screen (Section 41.2 on page 617) to view the ZyWALL's configured SSL application objects. • Use the SSL Application Edit screen to create or edit web-based application objects to allow remote users to access an... Know Application Types You can apply one or more SSL application objects in the VPN > SSL VPN screen for a user account/user group. 41.1.1 What You Can Do in the pop-up dialog box to access. ZyWALL USG 20/20W User's Guide 615 CHAPTER 41 SSL Application 41.1 Overview You use the SSL ...
...click the links or follow the steps in this Chapter • Use the SSL Application screen (Section 41.2 on page 617) to view the ZyWALL's configured SSL application objects. • Use the SSL Application Edit screen to create or edit web-based application objects to allow remote users to access an... Know Application Types You can apply one or more SSL application objects in the VPN > SSL VPN screen for a user account/user group. 41.1.1 What You Can Do in the pop-up dialog box to access. ZyWALL USG 20/20W User's Guide 615 CHAPTER 41 SSL Application 41.1 Overview You use the SSL ...
User Guide
Page 948
Index transport encapsulation 399 tunnel encapsulation 399 VPN gateway 394 IPSec SA active protocol 421 and firewall 376, 733 and to-ZyWALL firewall 733 authentication algorithms 415, 416 authentication key (manual keys) 423 destination NAT ... for outbound traffic 424 status 196 transport mode 422 tunnel mode 422 when IKE SA is disconnected 421 IPSec VPN configuration overview 101 prerequisites 100, 101 see also IPSec troubleshooting 732 tutorial 116 where used 101 ISP account CHAP 613...LDAP load balancing 289 algorithms 290, 294 least load first 290 round robin 295 ZyWALL USG 20/20W User's Guide
Index transport encapsulation 399 tunnel encapsulation 399 VPN gateway 394 IPSec SA active protocol 421 and firewall 376, 733 and to-ZyWALL firewall 733 authentication algorithms 415, 416 authentication key (manual keys) 423 destination NAT ... for outbound traffic 424 status 196 transport mode 422 tunnel mode 422 when IKE SA is disconnected 421 IPSec VPN configuration overview 101 prerequisites 100, 101 see also IPSec troubleshooting 732 tutorial 116 where used 101 ISP account CHAP 613...LDAP load balancing 289 algorithms 290, 294 least load first 290 round robin 295 ZyWALL USG 20/20W User's Guide
User Guide
Page 950
... 91 OSPF 315 and Ethernet interfaces 224 and RIP 318 and static routes 318 and to -ZyWALL firewall 343 and VoIP pass through 354 and VPN 419 and VPN, see also VPN configuration overview 98 limitations 310 loopback 343 port forwarding, see NAT port translation, see NAT port triggering...ZyWALL USG 20/20W User's Guide Index and address objects 306 and address objects (HOST) 341 and ALG 352, 354 and firewall 382 and interfaces 341 and policy routes 298, 305 and to -ZyWALL firewall 316 area 0 317 areas, see OSPF areas authentication method 224 autonomous system (AS) 315 backbone 317 configuration...
... 91 OSPF 315 and Ethernet interfaces 224 and RIP 318 and static routes 318 and to -ZyWALL firewall 343 and VoIP pass through 354 and VPN 419 and VPN, see also VPN configuration overview 98 limitations 310 loopback 343 port forwarding, see NAT port translation, see NAT port triggering...ZyWALL USG 20/20W User's Guide Index and address objects 306 and address objects (HOST) 341 and ALG 352, 354 and firewall 382 and interfaces 341 and policy routes 298, 305 and to -ZyWALL firewall 316 area 0 317 areas, see OSPF areas authentication method 224 autonomous system (AS) 315 backbone 317 configuration...