User Guide
Page 3
...information on essential terms used in the ZyWALL, what the real time online help provides. • Read Chapter 5 on page 69 if you're using the Web Configurator. ZyWALL USG 20/20W User's Guide 3 Note: It is recommended you ...require. Read each chapter carefully for information on configuring each screen.) It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. E-mail techwriters@zyxel...
...information on essential terms used in the ZyWALL, what the real time online help provides. • Read Chapter 5 on page 69 if you're using the Web Configurator. ZyWALL USG 20/20W User's Guide 3 Note: It is recommended you ...require. Read each chapter carefully for information on configuring each screen.) It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. E-mail techwriters@zyxel...
User Guide
Page 4
... Help? More help is a collection of answers to previously asked questions about your product. • Knowledge Base If you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide About This User's Guide • Web Configurator Online Help Click the help icon in any screen for help in order to better understand how to use e-mail instead.
... Help? More help is a collection of answers to previously asked questions about your product. • Knowledge Base If you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide About This User's Guide • Web Configurator Online Help Click the help icon in any screen for help in order to better understand how to use e-mail instead.
User Guide
Page 5
... differences in this book may differ slightly from others who use ZyXEL products and share your vendor, then contact a ZyXEL office for contact information. Every effort has been made to solve it. ZyWALL USG 20/20W User's Guide 5 Customer Support Should problems arise that you took to ensure that...vendor. Disclaimer Graphics in this manual is accurate. See http://www.zyxel.com/web/contact_us.php for the region in which you cannot contact your experiences as well. About This User's Guide • Forum This contains discussions on ZyXEL products. If you bought the device.
... differences in this book may differ slightly from others who use ZyXEL products and share your vendor, then contact a ZyXEL office for contact information. Every effort has been made to solve it. ZyWALL USG 20/20W User's Guide 5 Customer Support Should problems arise that you took to ensure that...vendor. Disclaimer Graphics in this manual is accurate. See http://www.zyxel.com/web/contact_us.php for the region in which you cannot contact your experiences as well. About This User's Guide • Forum This contains discussions on ZyXEL products. If you bought the device.
User Guide
Page 6
..." value. Warnings tell you about things that could harm you or your keyboard. • "Enter" means for you other important information (for example, other words". 6 ZyWALL USG 20/20W User's Guide "Select" or "choose" means for you may denote "1000000" or "1048576" and so on your device. For example, "k" for kilo may denote "1000" or "1024...
..." value. Warnings tell you about things that could harm you or your keyboard. • "Enter" means for you other important information (for example, other words". 6 ZyWALL USG 20/20W User's Guide "Select" or "choose" means for you may denote "1000000" or "1048576" and so on your device. For example, "k" for kilo may denote "1000" or "1024...
User Guide
Page 7
ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 20/20W User's Guide 7 The ZyWALL icon is not an exact representation of your device. Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 20/20W User's Guide 7 The ZyWALL icon is not an exact representation of your device. Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
User Guide
Page 8
... antenna(s). • If you to the device. • Do NOT open the device or unit. Used electrical and electronic equipment should not be treated separately. 8 ZyWALL USG 20/20W User's Guide
... antenna(s). • If you to the device. • Do NOT open the device or unit. Used electrical and electronic equipment should not be treated separately. 8 ZyWALL USG 20/20W User's Guide
User Guide
Page 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials... Binding ...359 Authentication Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials... Binding ...359 Authentication Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
User Guide
Page 10
Contents Overview Schedules ...567 AAA Server ...573 Authentication Method ...583 Certificates ...589 ISP Accounts ...611 SSL Application ...615 Endpoint Security ...621 System ...629 Log and Report ...679 File Manager ...693 Diagnostics ...705 Packet Flow Explore ...715 Reboot ...723 Shutdown ...725 Troubleshooting ...727 Product Specifications ...741 10 ZyWALL USG 20/20W User's Guide
Contents Overview Schedules ...567 AAA Server ...573 Authentication Method ...583 Certificates ...589 ISP Accounts ...611 SSL Application ...615 Endpoint Security ...621 System ...629 Log and Report ...679 File Manager ...693 Diagnostics ...705 Packet Flow Explore ...715 Reboot ...723 Shutdown ...725 Troubleshooting ...727 Product Specifications ...741 10 ZyWALL USG 20/20W User's Guide
User Guide
Page 11
... and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User's Guide 11
... and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User's Guide 11
User Guide
Page 12
... 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide Scenario 77 5.5.1 VPN Express Wizard - Configuration 78 5.5.2 VPN Express Wizard - Summary 85 5.5.8 VPN Advanced Wizard - Scenario 81 5.5.5 VPN Advanced Wizard - Finish 80 5.5.4 VPN Advanced Wizard - ...
... 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide Scenario 77 5.5.1 VPN Express Wizard - Configuration 78 5.5.2 VPN Express Wizard - Summary 85 5.5.8 VPN Advanced Wizard - Scenario 81 5.5.5 VPN Advanced Wizard - Finish 80 5.5.4 VPN Advanced Wizard - ...
User Guide
Page 13
...SSL VPN ...101 6.5.16 Bandwidth Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File...Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13 Table of Contents 6.5.1 Feature ...95 6.5.2 Licensing Registration 96 6.5.3 Interface ...96 6.5.4 Trunks ...96 6.5.5 Policy Routes ...96 6.5.6 ...
...SSL VPN ...101 6.5.16 Bandwidth Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File...Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13 Table of Contents 6.5.1 Feature ...95 6.5.2 Licensing Registration 96 6.5.3 Interface ...96 6.5.4 Trunks ...96 6.5.5 Policy Routes ...96 6.5.6 ...
User Guide
Page 14
....1 Create the Public IP Address Range Object 145 7.12.2 Configure the Policy Route 146 7.13 How to Set Up a Wireless LAN 146 7.13.1 Set Up User Accounts 147 7.13.2 Create the WLAN Interface 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163... 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
....1 Create the Public IP Address Range Object 145 7.12.2 Configure the Policy Route 146 7.13 How to Set Up a Wireless LAN 146 7.13.1 Set Up User Accounts 147 7.13.2 Create the WLAN Interface 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163... 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
User Guide
Page 15
...Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in this Chapter 177 9.2 The Port... 183 9.5 The Session Monitor Screen 186 9.6 The DDNS Status Screen 189 9.7 IP/MAC Binding Monitor ...189 9.8 The Login Users Screen 190 9.9 WLAN Status Screen ...191 9.10 The following table describes the labels in this menu.Cellular Status Screen 192 9....You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
...Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in this Chapter 177 9.2 The Port... 183 9.5 The Session Monitor Screen 186 9.6 The DDNS Status Screen 189 9.7 IP/MAC Binding Monitor ...189 9.8 The Login Users Screen 190 9.9 WLAN Status Screen ...191 9.10 The following table describes the labels in this menu.Cellular Status Screen 192 9....You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
User Guide
Page 16
....2.1 Policy Route Edit Screen 303 13.3 IP Static Route Screen ...307 13.3.1 Static Route Add/Edit Screen 308 13.4 Policy Routing Technical Reference 309 16 ZyWALL USG 20/20W User's Guide
....2.1 Policy Route Edit Screen 303 13.3 IP Static Route Screen ...307 13.3.1 Static Route Add/Edit Screen 308 13.4 Policy Routing Technical Reference 309 16 ZyWALL USG 20/20W User's Guide
User Guide
Page 17
... 18.1 Overview ...347 18.1.1 What You Can Do in this Chapter 347 18.1.2 What You Need to Know 348 18.2 The HTTP Redirect Screen 349 ZyWALL USG 20/20W User's Guide 17
... 18.1 Overview ...347 18.1.1 What You Can Do in this Chapter 347 18.1.2 What You Need to Know 348 18.2 The HTTP Redirect Screen 349 ZyWALL USG 20/20W User's Guide 17
User Guide
Page 18
... 19.3 ALG Technical Reference 357 Chapter 20 IP/MAC Binding ...359 20.1 IP/MAC Binding Overview 359 20.1.1 What You Can Do in this Chapter 359 20.1.2 What You Need to Know 360 20.2 IP/MAC Binding Summary 360 20.2.1 IP/MAC Binding Edit 361 20.2.2 Static DHCP Edit ...362 20.3 IP/MAC Binding Exempt List 363 Chapter... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
... 19.3 ALG Technical Reference 357 Chapter 20 IP/MAC Binding ...359 20.1 IP/MAC Binding Overview 359 20.1.1 What You Can Do in this Chapter 359 20.1.2 What You Need to Know 360 20.2 IP/MAC Binding Summary 360 20.2.1 IP/MAC Binding Edit 361 20.2.2 Static DHCP Edit ...362 20.3 IP/MAC Binding Exempt List 363 Chapter... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
User Guide
Page 19
...25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens ...Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide...
...25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens ...Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide...
User Guide
Page 20
Table of Contents 27.6 Uninstalling the ZyWALL SecuExtender 452 Chapter 28 Bandwidth Management...453 28.1 Overview ...453 28.1.1 What You Can Do in this Chapter 453 28.1.2 What You Need to Know ....5.1 Content Filter Blocked and Warning Messages 508 30.6 Content Filter Customization Screen 508 30.7 Content Filter Technical Reference 511 Chapter 31 Content Filter Reports ...513 20 ZyWALL USG 20/20W User's Guide
Table of Contents 27.6 Uninstalling the ZyWALL SecuExtender 452 Chapter 28 Bandwidth Management...453 28.1 Overview ...453 28.1.1 What You Can Do in this Chapter 453 28.1.2 What You Need to Know ....5.1 Content Filter Blocked and Warning Messages 508 30.6 Content Filter Customization Screen 508 30.7 Content Filter Technical Reference 511 Chapter 31 Content Filter Reports ...513 20 ZyWALL USG 20/20W User's Guide
User Guide
Page 21
... List Screen 531 32.6 The DNSBL Screen ...532 32.7 Anti-Spam Technical Reference 534 Chapter 33 User/Group ...539 33.1 Overview ...539 33.1.1 What You Can Do in this Chapter 539 33.1.2 What You Need ...545 33.3.1 Group Add/Edit Screen 546 33.4 Setting Screen ...547 33.4.1 Default User Authentication Timeout Settings Edit Screens 550 33.4.2 User Aware Login Example 552 33.5 User /Group Technical Reference 553 Chapter 34 Addresses...555 34.1 Overview ...555 34.1.1 What...Summary Screen 558 34.3.1 Address Group Add/Edit Screen 559 Chapter 35 Services ...561 ZyWALL USG 20/20W User's Guide 21
... List Screen 531 32.6 The DNSBL Screen ...532 32.7 Anti-Spam Technical Reference 534 Chapter 33 User/Group ...539 33.1 Overview ...539 33.1.1 What You Can Do in this Chapter 539 33.1.2 What You Need ...545 33.3.1 Group Add/Edit Screen 546 33.4 Setting Screen ...547 33.4.1 Default User Authentication Timeout Settings Edit Screens 550 33.4.2 User Aware Login Example 552 33.5 User /Group Technical Reference 553 Chapter 34 Addresses...555 34.1 Overview ...555 34.1.1 What...Summary Screen 558 34.3.1 Address Group Add/Edit Screen 559 Chapter 35 Services ...561 ZyWALL USG 20/20W User's Guide 21
User Guide
Page 22
... 584 38.2.1 Creating an Authentication Method Object 585 Chapter 39 Certificates ...589 39.1 Overview ...589 39.1.1 What You Can Do in this Chapter 589 22 ZyWALL USG 20/20W User's Guide
... 584 38.2.1 Creating an Authentication Method Object 585 Chapter 39 Certificates ...589 39.1 Overview ...589 39.1.1 What You Can Do in this Chapter 589 22 ZyWALL USG 20/20W User's Guide