User Guide
Page 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...107 ...359 Authentication Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
User Guide
Page 11
... Overview ...33 1.5 Starting and Stopping the ZyWALL 34 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control... 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W...
User Guide
Page 12
... 5.5.5 VPN Advanced Wizard - Finish 86 Chapter 6 Configuration Basics...87 6.1 Object-based Configuration 87 6.2 Zones, Interfaces, and Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 90 6.3 Terminology in the ZyWALL 91 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W...
User Guide
Page 13
Policy ...100 6.5.13 Firewall ...100 6.5.14 IPSec VPN ...101 6.5.15 SSL VPN ...101 6.5.16 Bandwidth Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ... Ethernet Interfaces 113 7.3.2 Configure the WAN Trunk 114 7.4 How to Set Up an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13 Table of Contents 6.5.1 Feature ...95 6.5.2 Licensing Registration 96 6.5.3 Interface ...
User Guide
Page 15
Table of Contents 8.2.3 The Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in ... ...214 Chapter 11 Interfaces ...217 11.1 Interface Overview ...217 11.1.1 What You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
User Guide
Page 18
... 382 22.2.2 The Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
User Guide
Page 19
... Policy Add/Edit Screen 430 24.3 The SSL Global Setting Screen 433 24.3.1 How to Upload a Custom Logo 434 24.4 Establishing an SSL VPN Connection 435 Chapter 25 SSL User Screens ...437 25.1 Overview ...437 25.1.1 What You Need to Know 437 25.2 Remote User Login ...438... Screens 447 26.1 SSL User Application Screens Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide 19
User Guide
Page 22
... You Can Do in this Chapter 583 38.1.2 Before You Begin 583 38.1.3 Example: Selecting a VPN Authentication Method 583 38.2 Authentication Method Objects 584 38.2.1 Creating an Authentication Method Object 585 Chapter 39 Certificates ...589 39.1 Overview ...589 39.1.1 What You Can Do in this Chapter 589 22 ZyWALL USG 20/20W User's Guide
User Guide
Page 29
...-mounting Do the following to be part of the ZyWALL. Its flexible configuration helps network administrators set ports to attach your company. The ZyWALL's security features include VPN, firewall, content filtering, ADP (Anomaly Detection and Protection), and certificates. ZyWALL USG 20/20W User's Guide 29 CHAPTER 1 Introducing the ZyWALL This chapter gives an overview of the LAN1...
User Guide
Page 37
... two sites over the Internet or any insecure network that uses TCP/IP for communication. Virtual Private Networks (VPN) Use IPSec, SSL to change security settings in the ZyWALL. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features... of the ZyWALL. As a result, it is much simpler to zones. Flexible Security Zones Many security settings are made by zone, not by interface, port, or network. You can create your own custom zones. ZyWALL USG 20/20W User's Guide 37 The ZyWALL also offers hub-and-spoke IPSec VPN.
User Guide
Page 39
... business travelers to provide secure access to remote users. You can configure the ZyWALL to provide SSL VPN network access to your ZyWALL. ZyWALL USG 20/20W User's Guide 39 Chapter 2 Features and Applications 2.2 Applications These are some example applications for configuration tutorial examples. 2.2.1 VPN Connectivity Set up additional connections to the Internet to provide better service.
User Guide
Page 48
.... Login Users Lists the users currently logged into the VPN SSL client portal. Anti-Spam Report Collect and display spam statistics. WLAN Status (For USG 20W only) Displays the connection status of the ZyWALL's DDNS domain names. Service View the licensed service status... and upgrade licensed services. 48 ZyWALL USG 20/20W User's Guide Traffic Statistics Collect and display traffic statistics. DDNS Status Displays the status of the ZyWALL's wireless clients. VPN Monitor IPSec Displays and manages the active IPSec SAs. You ...
User Guide
Page 49
...policies. Zone Configure zones used to which the ZyWALL does not apply IP/MAC binding. Exempt List Configure ranges of IP addresses to define various policies. ZyWALL USG 20/20W User's Guide 49 WLAN (For USG 20W only) Configure settings for an installed 3G card...MAC address bindings for devices connected to force user authentication. Policy Define rules to each supported interface. VPN Gateway Configure IKE tunnels. VPN IPSec VPN VPN Connection Configure IPSec tunnels. Static Route Create and manage IP static routing information. NAT Set up and...
User Guide
Page 61
... - Figure 26 Internet Access: PPPoE Encapsulation 4.1.3.1 ISP Parameters • Type the PPPoE Service Name from your service provider. Enter a DNS server's IP address(es). The ZyWALL uses these (in the previous screen. Auto displays if you can be up to you by your (static) public IP address. The DNS server is... extremely important because without it can access it. PPPoE uses a service name to an IP address and vice versa. Options are: ZyWALL USG 20/20W User's Guide 61 Select an authentication protocol for VPN, DDNS and the time server.
User Guide
Page 62
... only. • MSCHAP-V2 - This field can be up to resolve domain names for VPN, DDNS and the time server. The Domain Name System (DNS) maps a domain name to you selected static IP address assignment. Your ZyWALL accepts MSCHAP-V2 only. • Type the User Name given to an IP address and... Assignment in order to time out. Chapter 4 Installation Setup Wizard • CHAP/PAP - You can use alphanumeric and _@$./ characters, and it can access it . 62 ZyWALL USG 20/20W User's Guide Otherwise, type the Idle Timeout in seconds that will connect with the user name. Your...
User Guide
Page 64
...id" and "n:name" format. The DNS server is the security zone to resolve domain names for VPN, DDNS and the time server. You can be up to configure DNS servers. 64 ZyWALL USG 20/20W User's Guide This field is the connection type on the requirements of the PPTP server. •... IP address. Auto displays if you selected Auto as 0.0.0.0 if you can access it can use alphanumeric and -_: characters, and it . The ZyWALL uses these (in seconds that elapses before you do not want to 31 characters long. 4.1.5.2 WAN IP Address Assignments • First WAN Interface:...
User Guide
Page 69
... this link to open the first Quick Setup screen. See Section 5.2 on page 70. • VPN SETUP Use VPN SETUP to configure a VPN (Virtual Private Network) tunnel for background information. This chapter provides information on page 76. ZyWALL USG 20/20W User's Guide 69 CHAPTER 5 Quick Setup 5.1 Quick Setup Overview The Web Configurator's quick setup wizards...
User Guide
Page 74
...because without it, you must know the IP address of a computer before you must know the IP address of the PPTP server. 74 ZyWALL USG 20/20W User's Guide Click Back to return to continue. 5.2.5 Quick Setup Interface Wizard: Summary This screen displays the WAN interface's settings. Service Name... This field is for VPN, DDNS and the time server. Server IP This field only appears for an interface with a static IP address. It...
User Guide
Page 75
...This field displays whether the WAN IP address is Static, these fields display the DNS server IP address(es). Figure 38 VPN Quick Setup Wizard ZyWALL USG 20/20W User's Guide 75 This is how many seconds the connection can use later in the main Quick Setup screen to connect ...with your ISP. The VPN wizard creates corresponding VPN connection and VPN gateway settings and address objects that you specified a connection ID, it displays ...
User Guide
Page 76
... can be to another computer or network. Chapter 5 Quick Setup 5.4 VPN Setup Wizard: Wizard Type A VPN (Virtual Private Network) tunnel is a secure connection to another ZLD-based ZyWALL or other IPSec device. 76 ZyWALL USG 20/20W User's Guide Use this wizard to configure. Figure 39 VPN Setup Wizard: Wizard Type Express: Use this screen to select...