User Guide
Page 3
... the PDF file. ZyWALL USG 20/20W User's Guide 3 Read each screen.) It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL using the quick setup wizards and you want to configure the ZyWALL. E-mail techwriters@zyxel.com.tw if...
... the PDF file. ZyWALL USG 20/20W User's Guide 3 Read each screen.) It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL using the quick setup wizards and you want to configure the ZyWALL. E-mail techwriters@zyxel.com.tw if...
User Guide
Page 4
... efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in configuring that screen and supplementary information. • ZyXEL Web Site Please refer to www.zyxel.com for improvement to the following address, or use your product. • Knowledge Base If you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide About This User's Guide • Web...
... efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in configuring that screen and supplementary information. • ZyXEL Web Site Please refer to www.zyxel.com for improvement to the following address, or use your product. • Knowledge Base If you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide About This User's Guide • Web...
User Guide
Page 5
About This User's Guide • Forum This contains discussions on ZyXEL products. If you cannot contact your device. ZyWALL USG 20/20W User's Guide 5 See http://www.zyxel.com/web/contact_us.php for the region in this book may differ slightly from others who use ZyXEL products and share your vendor. .... • Brief description of the problem and the steps you installed updated firmware/software for your vendor, then contact a ZyXEL office for contact information. Every effort has been made to solve it. Customer Support Should problems arise that the information in ...
About This User's Guide • Forum This contains discussions on ZyXEL products. If you cannot contact your device. ZyWALL USG 20/20W User's Guide 5 See http://www.zyxel.com/web/contact_us.php for the region in this book may differ slightly from others who use ZyXEL products and share your vendor. .... • Brief description of the problem and the steps you installed updated firmware/software for your vendor, then contact a ZyXEL office for contact information. Every effort has been made to solve it. Customer Support Should problems arise that the information in ...
User Guide
Page 6
... harm you may be referred to as the "ZyWALL", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are shown in this User's Guide. Note: Notes tell you other important information (for example, other words". 6 ZyWALL USG 20/20W User's Guide For example, "k" for kilo may denote "1000...
... harm you may be referred to as the "ZyWALL", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are shown in this User's Guide. Note: Notes tell you other important information (for example, other words". 6 ZyWALL USG 20/20W User's Guide For example, "k" for kilo may denote "1000...
User Guide
Page 7
The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 20/20W User's Guide 7 Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 20/20W User's Guide 7 Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
User Guide
Page 8
... is marked with general waste. ONLY qualified service personnel should be damaged. Contact your local vendor to order a new one will be treated separately. 8 ZyWALL USG 20/20W User's Guide There is a remote risk of electric shock from the device and the power source. • Do NOT attempt to repair the power adaptor or cord...
... is marked with general waste. ONLY qualified service personnel should be damaged. Contact your local vendor to order a new one will be treated separately. 8 ZyWALL USG 20/20W User's Guide There is a remote risk of electric shock from the device and the power source. • Do NOT attempt to repair the power adaptor or cord...
User Guide
Page 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...Binding ...359 Authentication Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...Binding ...359 Authentication Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
User Guide
Page 10
Contents Overview Schedules ...567 AAA Server ...573 Authentication Method ...583 Certificates ...589 ISP Accounts ...611 SSL Application ...615 Endpoint Security ...621 System ...629 Log and Report ...679 File Manager ...693 Diagnostics ...705 Packet Flow Explore ...715 Reboot ...723 Shutdown ...725 Troubleshooting ...727 Product Specifications ...741 10 ZyWALL USG 20/20W User's Guide
Contents Overview Schedules ...567 AAA Server ...573 Authentication Method ...583 Certificates ...589 ISP Accounts ...611 SSL Application ...615 Endpoint Security ...621 System ...629 Log and Report ...679 File Manager ...693 Diagnostics ...705 Packet Flow Explore ...715 Reboot ...723 Shutdown ...725 Troubleshooting ...727 Product Specifications ...741 10 ZyWALL USG 20/20W User's Guide
User Guide
Page 11
... Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User's Guide 11
... Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User's Guide 11
User Guide
Page 12
... 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide Table of Contents Chapter 4 Installation Setup Wizard ...59 4.1 Installation Setup Wizard Screens 59 4.1.1 Internet Access Setup - Phase 2 83 5.5.7 VPN Advanced Wizard - Phase 1 Settings 82 5.5.6 VPN ...
... 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide Table of Contents Chapter 4 Installation Setup Wizard ...59 4.1 Installation Setup Wizard Screens 59 4.1.1 Internet Access Setup - Phase 2 83 5.5.7 VPN Advanced Wizard - Phase 1 Settings 82 5.5.6 VPN ...
User Guide
Page 13
... 6.5.14 IPSec VPN ...101 6.5.15 SSL VPN ...101 6.5.16 Bandwidth Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File Manager ...106 6.7.4 Diagnostics ...106 6.7.5 Shutdown ...106 Chapter... an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13
... 6.5.14 IPSec VPN ...101 6.5.15 SSL VPN ...101 6.5.16 Bandwidth Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File Manager ...106 6.7.4 Diagnostics ...106 6.7.5 Shutdown ...106 Chapter... an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13
User Guide
Page 14
....1 Create the Public IP Address Range Object 145 7.12.2 Configure the Policy Route 146 7.13 How to Set Up a Wireless LAN 146 7.13.1 Set Up User Accounts 147 7.13.2 Create the WLAN Interface 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163... 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
....1 Create the Public IP Address Range Object 145 7.12.2 Configure the Policy Route 146 7.13 How to Set Up a Wireless LAN 146 7.13.1 Set Up User Accounts 147 7.13.2 Create the WLAN Interface 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163... 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
User Guide
Page 15
...Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in this Chapter 177 9.2 The Port... 183 9.5 The Session Monitor Screen 186 9.6 The DDNS Status Screen 189 9.7 IP/MAC Binding Monitor ...189 9.8 The Login Users Screen 190 9.9 WLAN Status Screen ...191 9.10 The following table describes the labels in this menu.Cellular Status Screen 192 9....You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
...Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in this Chapter 177 9.2 The Port... 183 9.5 The Session Monitor Screen 186 9.6 The DDNS Status Screen 189 9.7 IP/MAC Binding Monitor ...189 9.8 The Login Users Screen 190 9.9 WLAN Status Screen ...191 9.10 The following table describes the labels in this menu.Cellular Status Screen 192 9....You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
User Guide
Page 16
....2.1 Policy Route Edit Screen 303 13.3 IP Static Route Screen ...307 13.3.1 Static Route Add/Edit Screen 308 13.4 Policy Routing Technical Reference 309 16 ZyWALL USG 20/20W User's Guide
....2.1 Policy Route Edit Screen 303 13.3 IP Static Route Screen ...307 13.3.1 Static Route Add/Edit Screen 308 13.4 Policy Routing Technical Reference 309 16 ZyWALL USG 20/20W User's Guide
User Guide
Page 17
... 18.1 Overview ...347 18.1.1 What You Can Do in this Chapter 347 18.1.2 What You Need to Know 348 18.2 The HTTP Redirect Screen 349 ZyWALL USG 20/20W User's Guide 17
... 18.1 Overview ...347 18.1.1 What You Can Do in this Chapter 347 18.1.2 What You Need to Know 348 18.2 The HTTP Redirect Screen 349 ZyWALL USG 20/20W User's Guide 17
User Guide
Page 18
... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
User Guide
Page 19
...25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens ...Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide...
...25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens ...Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide...
User Guide
Page 20
Table of Contents 27.6 Uninstalling the ZyWALL SecuExtender 452 Chapter 28 Bandwidth Management...453 28.1 Overview ...453 28.1.1 What You Can Do in this Chapter 453 28.1.2 What You Need to Know ... Filter Blocked and Warning Messages 508 30.6 Content Filter Customization Screen 508 30.7 Content Filter Technical Reference 511 Chapter 31 Content Filter Reports ...513 20 ZyWALL USG 20/20W User's Guide
Table of Contents 27.6 Uninstalling the ZyWALL SecuExtender 452 Chapter 28 Bandwidth Management...453 28.1 Overview ...453 28.1.1 What You Can Do in this Chapter 453 28.1.2 What You Need to Know ... Filter Blocked and Warning Messages 508 30.6 Content Filter Customization Screen 508 30.7 Content Filter Technical Reference 511 Chapter 31 Content Filter Reports ...513 20 ZyWALL USG 20/20W User's Guide
User Guide
Page 21
... List Screen 531 32.6 The DNSBL Screen ...532 32.7 Anti-Spam Technical Reference 534 Chapter 33 User/Group ...539 33.1 Overview ...539 33.1.1 What You Can Do in this Chapter 539 33.1.2 What You Need ...545 33.3.1 Group Add/Edit Screen 546 33.4 Setting Screen ...547 33.4.1 Default User Authentication Timeout Settings Edit Screens 550 33.4.2 User Aware Login Example 552 33.5 User /Group Technical Reference 553 Chapter 34 Addresses...555 34.1 Overview ...555 34.1.1 What...Summary Screen 558 34.3.1 Address Group Add/Edit Screen 559 Chapter 35 Services ...561 ZyWALL USG 20/20W User's Guide 21
... List Screen 531 32.6 The DNSBL Screen ...532 32.7 Anti-Spam Technical Reference 534 Chapter 33 User/Group ...539 33.1 Overview ...539 33.1.1 What You Can Do in this Chapter 539 33.1.2 What You Need ...545 33.3.1 Group Add/Edit Screen 546 33.4 Setting Screen ...547 33.4.1 Default User Authentication Timeout Settings Edit Screens 550 33.4.2 User Aware Login Example 552 33.5 User /Group Technical Reference 553 Chapter 34 Addresses...555 34.1 Overview ...555 34.1.1 What...Summary Screen 558 34.3.1 Address Group Add/Edit Screen 559 Chapter 35 Services ...561 ZyWALL USG 20/20W User's Guide 21
User Guide
Page 22
... 584 38.2.1 Creating an Authentication Method Object 585 Chapter 39 Certificates ...589 39.1 Overview ...589 39.1.1 What You Can Do in this Chapter 589 22 ZyWALL USG 20/20W User's Guide
... 584 38.2.1 Creating an Authentication Method Object 585 Chapter 39 Certificates ...589 39.1 Overview ...589 39.1.1 What You Can Do in this Chapter 589 22 ZyWALL USG 20/20W User's Guide