User Guide
Page 3
...This User's Guide About This User's Guide Intended Audience This manual is intended for information on configuring each chapter carefully for detailed information on that feature. • It is recommended you require. ZyWALL USG 20/20W User's Guide 3 Read each screen.) It also contains a... connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. E-mail techwriters@zyxel.com...
...This User's Guide About This User's Guide Intended Audience This manual is intended for information on configuring each chapter carefully for detailed information on that feature. • It is recommended you require. ZyWALL USG 20/20W User's Guide 3 Read each screen.) It also contains a... connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. E-mail techwriters@zyxel.com...
User Guide
Page 5
... Should problems arise that you received your device. • Brief description of the problem and the steps you took to solve it. ZyWALL USG 20/20W User's Guide 5 Please have the following information ready when you contact an office. • Product model and serial number. •...you should contact your experiences as well. Every effort has been made to differences in this manual is accurate. About This User's Guide • Forum This contains discussions on ZyXEL products. Disclaimer Graphics in operating systems, operating system versions, or if you bought the device...
... Should problems arise that you received your device. • Brief description of the problem and the steps you took to solve it. ZyWALL USG 20/20W User's Guide 5 Please have the following information ready when you contact an office. • Product model and serial number. •...you should contact your experiences as well. Every effort has been made to differences in this manual is accurate. About This User's Guide • Forum This contains discussions on ZyXEL products. Disclaimer Graphics in operating systems, operating system versions, or if you bought the device...
User Guide
Page 19
... 394 23.2 The VPN Connection Screen 394 23.2.1 The VPN Connection Add/Edit (IKE) Screen 396 23.2.2 The VPN Connection Add/Edit Manual Key Screen 403 23.3 The VPN Gateway Screen 406 23.3.1 The VPN Gateway Add/Edit Screen 407 23.4 IPSec VPN Background Information 415 ...Screens 447 26.1 SSL User Application Screens Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide 19
... 394 23.2 The VPN Connection Screen 394 23.2.1 The VPN Connection Add/Edit (IKE) Screen 396 23.2.2 The VPN Connection Add/Edit Manual Key Screen 403 23.3 The VPN Gateway Screen 406 23.3.1 The VPN Gateway Add/Edit Screen 407 23.4 IPSec VPN Background Information 415 ...Screens 447 26.1 SSL User Application Screens Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide 19
User Guide
Page 35
... and then manually turn off . It does not turn off occurs when you may temporarily lose access to the local storage and stops the system processes. The ZyWALL simply turns off or remove the power. Disconnecting the power Power off the power to the ZyWALL. ZyWALL USG 20/20W User's Guide... 35 Wait for the device to local storage. It does not stop or start the system processes when you apply configuration files or run shell scripts although you turn off the power. Chapter 1 Introducing the ZyWALL Table 3 Starting and...
... and then manually turn off . It does not turn off occurs when you may temporarily lose access to the local storage and stops the system processes. The ZyWALL simply turns off or remove the power. Disconnecting the power Power off the power to the ZyWALL. ZyWALL USG 20/20W User's Guide... 35 Wait for the device to local storage. It does not stop or start the system processes when you apply configuration files or run shell scripts although you turn off the power. Chapter 1 Introducing the ZyWALL Table 3 Starting and...
User Guide
Page 184
... 184 ZyWALL USG 20/20W User's Guide Figure 138 Monitor > System Status > Traffic Statistics There is not tracked here real-time, but you have the ZyWALL collect data for the report. If the ZyWALL has already been collecting data, the collection period displays to update it manually in ... Collection Collect Statistics Apply Reset Select this screen. you can collect information from which to the ZyWALL. Chapter 9 Monitor You use the Traffic Statistics screen to tell the ZyWALL when to start and when to start and stop collecting information for more information. You cannot...
... 184 ZyWALL USG 20/20W User's Guide Figure 138 Monitor > System Status > Traffic Statistics There is not tracked here real-time, but you have the ZyWALL collect data for the report. If the ZyWALL has already been collecting data, the collection period displays to update it manually in ... Collection Collect Statistics Apply Reset Select this screen. you can collect information from which to the ZyWALL. Chapter 9 Monitor You use the Traffic Statistics screen to tell the ZyWALL when to start and when to start and stop collecting information for more information. You cannot...
User Guide
Page 196
... available disk space is disabled (turned off) on page 630 for some reason the ZyWALL cannot mount it . Mounting - the connected USB storage device was manually unmounted by the ZyWALL, such as NTFS. OutofSpace - The following table describes the labels in this screen, click Monitor > VPN Monitor > IPSec. This button is ... the USB storage device. Deactivated - none - Speed Status This field displays the connection speed the USB storage device supports. Chapter 9 Monitor The following 196 ZyWALL USG 20/20W User's Guide the use the USB storage device. the...
... available disk space is disabled (turned off) on page 630 for some reason the ZyWALL cannot mount it . Mounting - the connected USB storage device was manually unmounted by the ZyWALL, such as NTFS. OutofSpace - The following table describes the labels in this screen, click Monitor > VPN Monitor > IPSec. This button is ... the USB storage device. Deactivated - none - Speed Status This field displays the connection speed the USB storage device supports. Chapter 9 Monitor The following 196 ZyWALL USG 20/20W User's Guide the use the USB storage device. the...
User Guide
Page 197
... policies for an IPSec SA and click Search to navigate the pages of associated IPSec SAs. The IP addresses, not the address objects, are displayed. ZyWALL USG 20/20W User's Guide 197 Use up to disconnect it is associated). Total Connection This field displays the total number of entries. # This field is a sequential... or regular expression. See Section 9.12.1 on page 198 for this button to 30 alphanumeric and characters. This field displays N/A if the IPSec SA uses manual keys.
... policies for an IPSec SA and click Search to navigate the pages of associated IPSec SAs. The IP addresses, not the address objects, are displayed. ZyWALL USG 20/20W User's Guide 197 Use up to disconnect it is associated). Total Connection This field displays the total number of entries. # This field is a sequential... or regular expression. See Section 9.12.1 on page 198 for this button to 30 alphanumeric and characters. This field displays N/A if the IPSec SA uses manual keys.
User Guide
Page 198
...Timeout This field displays how many characters are currently logged into the VPN SSL client portal. This field displays N/A if the IPSec SA uses manual keys. Outbound (Bytes) Refresh This field displays the amount of the "abc" at the end and the VPN connection or policy name ...of the users who are in the middle of active SSL VPN connections. • Log out individual users and delete related session information. 198 ZyWALL USG 20/20W User's Guide A VPN connection named "testabc" would not match. For example, use a question mark or asterisk. 9.13 The SSL Connection Monitor...
...Timeout This field displays how many characters are currently logged into the VPN SSL client portal. This field displays N/A if the IPSec SA uses manual keys. Outbound (Bytes) Refresh This field displays the amount of the "abc" at the end and the VPN connection or policy name ...of the users who are in the middle of active SSL VPN connections. • Log out individual users and delete related session information. 198 ZyWALL USG 20/20W User's Guide A VPN connection named "testabc" would not match. For example, use a question mark or asterisk. 9.13 The SSL Connection Monitor...
User Guide
Page 203
... database. Setting this button to clear all web site addresses from the cache manually. Point the triangle up the processing of web access requests but will also make it . This sets how long the ZyWALL is the index number of a categorized web site address record. Click the ... screen. This field shows whether access to the web site's URL was allowed before the URLs to which access was blocked or allowed. ZyWALL USG 20/20W User's Guide 203 URL This is discarded (minutes) from the cache. Chapter 9 Monitor The following table describes the labels in this button...
... database. Setting this button to clear all web site addresses from the cache manually. Point the triangle up the processing of web access requests but will also make it . This sets how long the ZyWALL is the index number of a categorized web site address record. Click the ... screen. This field shows whether access to the web site's URL was allowed before the URLs to which access was blocked or allowed. ZyWALL USG 20/20W User's Guide 203 URL This is discarded (minutes) from the cache. Chapter 9 Monitor The following table describes the labels in this button...
User Guide
Page 227
...interface is External or General. It is External or General. This option appears when Interface Properties is not used elsewhere. ZyWALL USG 20/20W User's Guide 227 The ZyWALL automatically adds this to make the interface a DHCP client and automatically get the IP address, subnet mask, and gateway ...'s options do not automatically adjust and you want to specify the IP address, subnet mask, and gateway manually. The gateway should not select this if you must manually configure a policy route to add routing and SNAT settings for the network connected to the interface. Chapter ...
...interface is External or General. It is External or General. This option appears when Interface Properties is not used elsewhere. ZyWALL USG 20/20W User's Guide 227 The ZyWALL automatically adds this to make the interface a DHCP client and automatically get the IP address, subnet mask, and gateway ...'s options do not automatically adjust and you want to specify the IP address, subnet mask, and gateway manually. The gateway should not select this if you must manually configure a policy route to add routing and SNAT settings for the network connected to the interface. Chapter ...
User Guide
Page 230
...RIP packets. Edit Select an entry and click this to be up to enter how long IP addresses are 1, 2, and 1 and 2. 230 ZyWALL USG 20/20W User's Guide Out-Only - select this to 60 characters long. Enable RIP Select this to help identify this static DHCP entry. Receive Version ...: infinite - Static DHCP Table Configure a list of the computer names on page 314 for sending RIP packets. Select the RIP direction from manually using the interface's IP Pool Start Address and Pool Size. IP Address Enter the IP address to assign to have this interface enforce links ...
...RIP packets. Edit Select an entry and click this to be up to enter how long IP addresses are 1, 2, and 1 and 2. 230 ZyWALL USG 20/20W User's Guide Out-Only - select this to 60 characters long. Enable RIP Select this to help identify this static DHCP entry. Receive Version ...: infinite - Static DHCP Table Configure a list of the computer names on page 314 for sending RIP packets. Select the RIP direction from manually using the interface's IP Pool Start Address and Pool Size. IP Address Enter the IP address to assign to have this interface enforce links ...
User Guide
Page 231
...the cost (between 1 and 255. Select the area in the area None - This field is available if the Authentication is enabled. ZyWALL USG 20/20W User's Guide 231 Passive Interface Select this interface belongs. Type the ID for MD5 authentication. Select this option to 16 characters long. ...65,535) to zero if the interface can be up to have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of alphanumeric characters and the underscore, and it can consist of another device or computer...
...the cost (between 1 and 255. Select the area in the area None - This field is available if the Authentication is enabled. ZyWALL USG 20/20W User's Guide 231 Passive Interface Select this interface belongs. Type the ID for MD5 authentication. Select this option to 16 characters long. ...65,535) to zero if the interface can be up to have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of alphanumeric characters and the underscore, and it can consist of another device or computer...
User Guide
Page 234
.... Table 53 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 234 ZyWALL USG 20/20W User's Guide You can modify the entry's settings. Figure 163 Configuration > Network > Interface > ...ZyWALL confirms you want to open a screen where you can create (and delete) User Configuration PPP interfaces. You might use this to open a screen that shows which settings use this screen, click Configuration > Network > Interface > PPP. To access this in testing the interface orto manually...
.... Table 53 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 234 ZyWALL USG 20/20W User's Guide You can modify the entry's settings. Figure 163 Configuration > Network > Interface > ...ZyWALL confirms you want to open a screen where you can create (and delete) User Configuration PPP interfaces. You might use this to open a screen that shows which settings use this screen, click Configuration > Network > Interface > PPP. To access this in testing the interface orto manually...
User Guide
Page 237
...IP Address Assignment This field is read -only. Get Automatically Select this if this to have the ZyWALL establish the PPPoE/PPTP connection only when there is traffic. ZyWALL USG 20/20W User's Guide 237 Table 54 Configuration > Network > Interface > PPP > Add LABEL DESCRIPTION Show ...Advance Settings General Settings Enable Interface Select this interface. You can use this if you need to specify the IP address manually. Click Hide Advanced Settings to disable this to display fewer settings. Chapter 11 Interfaces Each field is explained in PPPoE...
...IP Address Assignment This field is read -only. Get Automatically Select this if this to have the ZyWALL establish the PPPoE/PPTP connection only when there is traffic. ZyWALL USG 20/20W User's Guide 237 Table 54 Configuration > Network > Interface > PPP > Add LABEL DESCRIPTION Show ...Advance Settings General Settings Enable Interface Select this interface. You can use this if you need to specify the IP address manually. Click Hide Advanced Settings to disable this to display fewer settings. Chapter 11 Interfaces Each field is explained in PPPoE...
User Guide
Page 239
...3G device to connect to other networks if the signal strength of voice and non-voice data and provides broadband Internet access to the ZyWALL. ZyWALL USG 20/20W User's Guide 239 Click Cancel to exit this interface. It allows fast transfer of the home network is too low or it is...use, the signal strength to the service provider's base station, and so on. • (refer to Section 11.5.1 on the 3G card you can manually configure a policy route to associate traffic with this screen without saving. 11.5 Cellular Configuration Screen (3G) 3G (Third Generation) is only allocated to ...
...3G device to connect to other networks if the signal strength of voice and non-voice data and provides broadband Internet access to the ZyWALL. ZyWALL USG 20/20W User's Guide 239 Click Cancel to exit this interface. It allows fast transfer of the home network is too low or it is...use, the signal strength to the service provider's base station, and so on. • (refer to Section 11.5.1 on the 3G card you can manually configure a policy route to associate traffic with this screen without saving. 11.5 Cellular Configuration Screen (3G) 3G (Third Generation) is only allocated to ...
User Guide
Page 241
... is inactive. You might use the entry. You might use . Click Apply to open a screen where you want to configure. ZyWALL USG 20/20W User's Guide 241 Double-click an entry or select it and click Edit to open a screen that you can modify the entry's.... Table 56 Configuration > Network > Interface > Cellular LABEL DESCRIPTION Add Edit Remove Activate Inactivate Connect Disconnect Object References Click this to manually establish the connection. To remove an entry, select it and click Connect. To disconnect an interface, select it and click Activate. See...
... is inactive. You might use the entry. You might use . Click Apply to open a screen where you want to configure. ZyWALL USG 20/20W User's Guide 241 Double-click an entry or select it and click Edit to open a screen that you can modify the entry's.... Table 56 Configuration > Network > Interface > Cellular LABEL DESCRIPTION Add Edit Remove Activate Inactivate Connect Disconnect Object References Click this to manually establish the connection. To remove an entry, select it and click Connect. To disconnect an interface, select it and click Activate. See...
User Guide
Page 243
...selection to be up the connection if there is the USB slot that elapses before the ZyWALL automatically disconnects from your service provider. Enter the APN from the ISP's server. ZyWALL USG 20/20W User's Guide 243 Chapter 11 Interfaces The following table describes the labels in this interface.... use alphanumeric and characters, and it can enter up to turn on this button to keep the connection available. You can be up to manually input the APN (Access Point Name) provided by your ISP instructed you are allowed. You might not nail up . Table 57 Configuration > Network...
...selection to be up the connection if there is the USB slot that elapses before the ZyWALL automatically disconnects from your service provider. Enter the APN from the ISP's server. ZyWALL USG 20/20W User's Guide 243 Chapter 11 Interfaces The following table describes the labels in this interface.... use alphanumeric and characters, and it can enter up to turn on this button to keep the connection available. You can be up to manually input the APN (Access Point Name) provided by your ISP instructed you are allowed. You might not nail up . Table 57 Configuration > Network...
User Guide
Page 246
...allows you selected a 3G device that was configured first. Home network is the default selection. This is exceeded during the month. 246 ZyWALL USG 20/20W User's Guide Metric Enter the priority of network or you only have this interface only use a 3G or 3.5G network (respectively)....necessary, for example when the home network is down , the ZyWALL's 3G Internet connection is stronger. The ZyWALL takes the actions you specified when a limit is recommended if you a fixed IP address. You may want to manually specify the type of network to use. Select Auto (Default)...
...allows you selected a 3G device that was configured first. Home network is the default selection. This is exceeded during the month. 246 ZyWALL USG 20/20W User's Guide Metric Enter the priority of network or you only have this interface only use a 3G or 3.5G network (respectively)....necessary, for example when the home network is down , the ZyWALL's 3G Internet connection is stronger. The ZyWALL takes the actions you specified when a limit is recommended if you a fixed IP address. You may want to manually specify the type of network to use. Select Auto (Default)...
User Guide
Page 261
... Interface > WLAN > Add (WPA/WPA2 Security) LABEL DESCRIPTION Authentication Type Authentication Method Select what the ZyWALL uses to Auth Method. Select Auth Server to be able to manually specify a RADIUS server's settings in the My Certificates screen. TTLS Certificate Select an authentication method object ...following table describes the WPA/WPA2-related wireless LAN security labels. Radius Server IP Address The wireless clients must use . ZyWALL USG 20/20W User's Guide 261 You can select from are the ones already configured in this screen instead of the EAP-TLS ...
... Interface > WLAN > Add (WPA/WPA2 Security) LABEL DESCRIPTION Authentication Type Authentication Method Select what the ZyWALL uses to Auth Method. Select Auth Server to be able to manually specify a RADIUS server's settings in the My Certificates screen. TTLS Certificate Select an authentication method object ...following table describes the WPA/WPA2-related wireless LAN security labels. Radius Server IP Address The wireless clients must use . ZyWALL USG 20/20W User's Guide 261 You can select from are the ones already configured in this screen instead of the EAP-TLS ...
User Guide
Page 269
Chapter 11 Interfaces Each field is explained in dot decimal notation. Select the zone to specify the IP address, subnet mask, and gateway manually. Select this if you can be on the same network as the interface. Select this interface. Select the Ethernet interface on . You can ... fields. Clear this button to a VRRP group. This field is enabled if you select Use Fixed IP Address. ZyWALL USG 20/20W User's Guide 269 See Chapter 51 on the ZyWALL. Use Fixed IP Address IP Address You should be up to turn this interface in the following table. You can...
Chapter 11 Interfaces Each field is explained in dot decimal notation. Select the zone to specify the IP address, subnet mask, and gateway manually. Select this if you can be on the same network as the interface. Select this interface. Select the Ethernet interface on . You can ... fields. Clear this button to a VRRP group. This field is enabled if you select Use Fixed IP Address. ZyWALL USG 20/20W User's Guide 269 See Chapter 51 on the ZyWALL. Use Fixed IP Address IP Address You should be up to turn this interface in the following table. You can...