User Guide
Page 3
... package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. ZyWALL USG 20/20W User's Guide 3 E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the...
... package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. ZyWALL USG 20/20W User's Guide 3 E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the...
User Guide
Page 4
... to efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in order to better understand how to www.zyxel.com for additional support documentation and product certifications. Send all User Guide-related comments, questions or suggestions for the latest product updates and...'s Guide • Web Configurator Online Help Click the help icon in any screen for help you. Thank you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide User Guide Feedback Help us help in configuring that screen and supplementary information. •...
... to efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in order to better understand how to www.zyxel.com for additional support documentation and product certifications. Send all User Guide-related comments, questions or suggestions for the latest product updates and...'s Guide • Web Configurator Online Help Click the help icon in any screen for help you. Thank you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide User Guide Feedback Help us help in configuring that screen and supplementary information. •...
User Guide
Page 5
ZyWALL USG 20/20W User's Guide 5 Learn from others who use ZyXEL products and share your vendor, then contact a ZyXEL office for the region in this book may differ slightly from the product due to solve it. See http://www.zyxel.com/web/contact_us.php for your vendor. Please have ... above, you installed updated firmware/software for contact information. About This User's Guide • Forum This contains discussions on ZyXEL products. If you bought the device. Customer Support Should problems arise that the information in which you cannot contact your experiences as well...
ZyWALL USG 20/20W User's Guide 5 Learn from others who use ZyXEL products and share your vendor, then contact a ZyXEL office for the region in this book may differ slightly from the product due to solve it. See http://www.zyxel.com/web/contact_us.php for your vendor. Please have ... above, you installed updated firmware/software for contact information. About This User's Guide • Forum This contains discussions on ZyXEL products. If you bought the device. Customer Support Should problems arise that the information in which you cannot contact your experiences as well...
User Guide
Page 6
Syntax Conventions • The ZyWALL may be referred to as the "ZyWALL", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are shown in this ... is denoted by square brackets and uppercase text, for example, [ENTER] means the "enter" or "return" key on . • "e.g.," is " or "in other words". 6 ZyWALL USG 20/20W User's Guide Note: Notes tell you other important information (for you to that could harm you about things that screen. • Units of the predefined...
Syntax Conventions • The ZyWALL may be referred to as the "ZyWALL", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are shown in this ... is denoted by square brackets and uppercase text, for example, [ENTER] means the "enter" or "return" key on . • "e.g.," is " or "in other words". 6 ZyWALL USG 20/20W User's Guide Note: Notes tell you other important information (for you to that could harm you about things that screen. • Units of the predefined...
User Guide
Page 7
The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 20/20W User's Guide 7 Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 20/20W User's Guide 7 Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
User Guide
Page 8
... Electronics and Electrical Equipment. WEEE stands for further information. • Make sure to connect the cables to order a new one will be treated separately. 8 ZyWALL USG 20/20W User's Guide This device meets ETSI and FCC certification requirements when using the included antenna(s). There is known as insufficient airflow may harm your device...
... Electronics and Electrical Equipment. WEEE stands for further information. • Make sure to connect the cables to order a new one will be treated separately. 8 ZyWALL USG 20/20W User's Guide This device meets ETSI and FCC certification requirements when using the included antenna(s). There is known as insufficient airflow may harm your device...
User Guide
Page 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...107 Technical Reference... Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...107 Technical Reference... Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
User Guide
Page 10
Contents Overview Schedules ...567 AAA Server ...573 Authentication Method ...583 Certificates ...589 ISP Accounts ...611 SSL Application ...615 Endpoint Security ...621 System ...629 Log and Report ...679 File Manager ...693 Diagnostics ...705 Packet Flow Explore ...715 Reboot ...723 Shutdown ...725 Troubleshooting ...727 Product Specifications ...741 10 ZyWALL USG 20/20W User's Guide
Contents Overview Schedules ...567 AAA Server ...573 Authentication Method ...583 Certificates ...589 ISP Accounts ...611 SSL Application ...615 Endpoint Security ...621 System ...629 Log and Report ...679 File Manager ...693 Diagnostics ...705 Packet Flow Explore ...715 Reboot ...723 Shutdown ...725 Troubleshooting ...727 Product Specifications ...741 10 ZyWALL USG 20/20W User's Guide
User Guide
Page 11
...Table of Contents About This User's Guide ...3 Document Conventions...6 Safety Warnings...8 Contents Overview ...9 Table of Contents...11 Part I: User's Guide 27 Chapter 1 Introducing the ZyWALL ...29 1.1 Overview and Key Default Settings 29 1.2 Wall-mounting ...29 1.3 Front Panel ...32 1.3.1 Front Panel LEDs ...32 1.4 Management Overview ...33 1.5 Starting and Stopping ... 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User's Guide 11
...Table of Contents About This User's Guide ...3 Document Conventions...6 Safety Warnings...8 Contents Overview ...9 Table of Contents...11 Part I: User's Guide 27 Chapter 1 Introducing the ZyWALL ...29 1.1 Overview and Key Default Settings 29 1.2 Wall-mounting ...29 1.3 Front Panel ...32 1.3.1 Front Panel LEDs ...32 1.4 Management Overview ...33 1.5 Starting and Stopping ... 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User's Guide 11
User Guide
Page 12
... Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 90 6.3 Terminology in the ZyWALL 91 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide WAN Interface 59 4.1.2 Internet Access: Ethernet 60 4.1.3 Internet Access: PPPoE 61 4.1.4 Internet Access...
... Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 90 6.3 Terminology in the ZyWALL 91 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide WAN Interface 59 4.1.2 Internet Access: Ethernet 60 4.1.3 Internet Access: PPPoE 61 4.1.4 Internet Access...
User Guide
Page 13
... an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13 Table of Contents 6.5.1 Feature ...95 6.5.2 Licensing Registration 96 6.5.3 Interface ...96 6.5.4 Trunks ...96 6.5.5 Policy Routes ...96 6.5.6 Static Routes ...98 6.5.7 Zones ...98 6.5.8 DDNS...
... an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13 Table of Contents 6.5.1 Feature ...95 6.5.2 Licensing Registration 96 6.5.3 Interface ...96 6.5.4 Trunks ...96 6.5.5 Policy Routes ...96 6.5.6 Static Routes ...98 6.5.7 Zones ...98 6.5.8 DDNS...
User Guide
Page 14
... 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
... 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
User Guide
Page 15
... ...214 Chapter 11 Interfaces ...217 11.1 Interface Overview ...217 11.1.1 What You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
... ...214 Chapter 11 Interfaces ...217 11.1 Interface Overview ...217 11.1.1 What You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
User Guide
Page 16
....2.1 Policy Route Edit Screen 303 13.3 IP Static Route Screen ...307 13.3.1 Static Route Add/Edit Screen 308 13.4 Policy Routing Technical Reference 309 16 ZyWALL USG 20/20W User's Guide
....2.1 Policy Route Edit Screen 303 13.3 IP Static Route Screen ...307 13.3.1 Static Route Add/Edit Screen 308 13.4 Policy Routing Technical Reference 309 16 ZyWALL USG 20/20W User's Guide
User Guide
Page 17
... 18.1 Overview ...347 18.1.1 What You Can Do in this Chapter 347 18.1.2 What You Need to Know 348 18.2 The HTTP Redirect Screen 349 ZyWALL USG 20/20W User's Guide 17
... 18.1 Overview ...347 18.1.1 What You Can Do in this Chapter 347 18.1.2 What You Need to Know 348 18.2 The HTTP Redirect Screen 349 ZyWALL USG 20/20W User's Guide 17
User Guide
Page 18
... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
User Guide
Page 19
...437 25.1.1 What You Need to Know 437 25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens Overview... 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide 19
...437 25.1.1 What You Need to Know 437 25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens Overview... 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide 19
User Guide
Page 32
... vendor. Shut down the device, wait for a few minutes and then restart the device (see Section 1.5 on . Figure 1 ZyWALL Front Panel ZyWALL USG 20 ZyWALL USG 20W 1.3.1 Front Panel LEDs The following table describes the LEDs. Breathing The ZyWALL is turned off. Blinking The ZyWALL is a hardware component failure. Red On There is booting. SYS Green Off The...
... vendor. Shut down the device, wait for a few minutes and then restart the device (see Section 1.5 on . Figure 1 ZyWALL Front Panel ZyWALL USG 20 ZyWALL USG 20W 1.3.1 Front Panel LEDs The following table describes the LEDs. Breathing The ZyWALL is turned off. Blinking The ZyWALL is a hardware component failure. Red On There is booting. SYS Green Off The...
User Guide
Page 374
...for certain default services described in To-ZyWALL Rules on page 375. All other DMZ to WLAN traffic is allowed for traffic going through the ZyWALL in To-ZyWALL Rules on page 375. Here is dropped. From WLAN to ZyWALL (USG 20W) Traffic from the WAN to Know Stateful... Inspection The ZyWALL has a stateful inspection firewall. Group the ZyWALL's interfaces into different zones based on the direction...
...for certain default services described in To-ZyWALL Rules on page 375. All other DMZ to WLAN traffic is allowed for traffic going through the ZyWALL in To-ZyWALL Rules on page 375. Here is dropped. From WLAN to ZyWALL (USG 20W) Traffic from the WAN to Know Stateful... Inspection The ZyWALL has a stateful inspection firewall. Group the ZyWALL's interfaces into different zones based on the direction...
User Guide
Page 890
...licenses are disclaimed. 2. You shall not exceed the scope of the Software or Documentation. 890 ZyWALL USG 20/20W User's Guide Ownership of License for Personal Use ZyXEL Communications Corp. ("ZyXEL") grants you have a license to use only, for internal business use the Software as long...violation of users specified in sales order and invoice. Any rights not expressly granted by ZyXEL to make one backup copy of the Software and Documentation solely for "ZyWALL USG 20W" WARNING: ZyXEL Communications Corp. You have no ownership rights in full force and effect. Appendix E Open...
...licenses are disclaimed. 2. You shall not exceed the scope of the Software or Documentation. 890 ZyWALL USG 20/20W User's Guide Ownership of License for Personal Use ZyXEL Communications Corp. ("ZyXEL") grants you have a license to use only, for internal business use the Software as long...violation of users specified in sales order and invoice. Any rights not expressly granted by ZyXEL to make one backup copy of the Software and Documentation solely for "ZyWALL USG 20W" WARNING: ZyXEL Communications Corp. You have no ownership rights in full force and effect. Appendix E Open...