User Guide
Page 15
...-Passive Device HA 164 7.14.1 Before You Start ...165 7.14.2 Configure Device HA on the Master ZyWALL 166 7.14.3 Configure the Backup ZyWALL 168 7.14.4 Deploy the Backup ZyWALL 170 7.14.5 Check Your Device HA Setup 170 Chapter 8 L2TP VPN Example ...171 8.1 L2TP VPN ...Login Users Screen 220 Chapter 10 Monitor...223 10.1 Overview ...223 10.1.1 What You Can Do in this Chapter 223 10.2 The Port Statistics Screen 224 10.2.1 The Port Statistics Graph Screen 226 10.3 Interface Status Screen 227 10.4 The Traffic Statistics Screen 230 10.5 The Session Monitor Screen 233 ZyWALL USG 1000...
...-Passive Device HA 164 7.14.1 Before You Start ...165 7.14.2 Configure Device HA on the Master ZyWALL 166 7.14.3 Configure the Backup ZyWALL 168 7.14.4 Deploy the Backup ZyWALL 170 7.14.5 Check Your Device HA Setup 170 Chapter 8 L2TP VPN Example ...171 8.1 L2TP VPN ...Login Users Screen 220 Chapter 10 Monitor...223 10.1 Overview ...223 10.1.1 What You Can Do in this Chapter 223 10.2 The Port Statistics Screen 224 10.2.1 The Port Statistics Graph Screen 226 10.3 Interface Status Screen 227 10.4 The Traffic Statistics Screen 230 10.5 The Session Monitor Screen 233 ZyWALL USG 1000...
User Guide
Page 16
Table of Contents 10.6 The DDNS Status Screen 236 10.7 IP/MAC Binding Monitor 236 10.8 The Login Users Screen 238 10.9 Cellular Status Screen ...239 10.10 Application Patrol Statistics 241 10.10.1 Application Patrol Statistics: General Setup 241 10.10.2 Application ... Chapter 13 Interfaces ...277 13.1 Interface Overview ...277 13.1.1 What You Can Do in this Chapter 277 13.1.2 What You Need to Know 278 16 ZyWALL USG 1000 User's Guide
Table of Contents 10.6 The DDNS Status Screen 236 10.7 IP/MAC Binding Monitor 236 10.8 The Login Users Screen 238 10.9 Cellular Status Screen ...239 10.10 Application Patrol Statistics 241 10.10.1 Application Patrol Statistics: General Setup 241 10.10.2 Application ... Chapter 13 Interfaces ...277 13.1 Interface Overview ...277 13.1.1 What You Can Do in this Chapter 277 13.1.2 What You Need to Know 278 16 ZyWALL USG 1000 User's Guide
User Guide
Page 20
...27 SSL User Screens ...493 27.1 Overview ...493 27.1.1 What You Need to Know 493 27.2 Remote User Login ...494 27.3 The SSL VPN User Screens 499 27.4 Bookmarking the ZyWALL 500 27.5 Logging Out of the SSL VPN User Screens 500 Chapter 28 SSL User Application Screens 503 28.1 ...SSL User Application Screens Overview 503 28.2 The Application Screen 503 Chapter 29 SSL User File Sharing ...505 29.1 Overview ...505 20 ZyWALL USG 1000 User's Guide
...27 SSL User Screens ...493 27.1 Overview ...493 27.1.1 What You Need to Know 493 27.2 Remote User Login ...494 27.3 The SSL VPN User Screens 499 27.4 Bookmarking the ZyWALL 500 27.5 Logging Out of the SSL VPN User Screens 500 Chapter 28 SSL User Application Screens 503 28.1 ...SSL User Application Screens Overview 503 28.2 The Application Screen 503 Chapter 29 SSL User File Sharing ...505 29.1 Overview ...505 20 ZyWALL USG 1000 User's Guide
User Guide
Page 24
... Summary Screen 695 40.3.1 Group Add/Edit Screen 696 40.4 Setting Screen ...697 40.4.1 Default User Authentication Timeout Settings Edit Screens 700 40.4.2 User Aware Login Example 702 40.5 User /Group Technical Reference 703 Chapter 41 Addresses...705 41.1 Overview ...705 41.1.1 What You Can Do in this Chapter 705 41... Add/Edit Screen 707 41.3 Address Group Summary Screen 708 41.3.1 Address Group Add/Edit Screen 709 Chapter 42 Services ...711 42.1 Overview ...711 24 ZyWALL USG 1000 User's Guide
... Summary Screen 695 40.3.1 Group Add/Edit Screen 696 40.4 Setting Screen ...697 40.4.1 Default User Authentication Timeout Settings Edit Screens 700 40.4.2 User Aware Login Example 702 40.5 User /Group Technical Reference 703 Chapter 41 Addresses...705 41.1 Overview ...705 41.1.1 What You Can Do in this Chapter 705 41... Add/Edit Screen 707 41.3 Address Group Summary Screen 708 41.3.1 Address Group Add/Edit Screen 709 Chapter 42 Services ...711 42.1 Overview ...711 24 ZyWALL USG 1000 User's Guide
User Guide
Page 27
... ...798 50.6.4 Configuring WWW Service Control 799 50.6.5 Service Control Rules 803 50.6.6 Customizing the WWW Login Page 803 50.6.7 HTTPS Example ...807 50.7 SSH ...814 50.7.1 How SSH Works ...815 50.7.2 SSH Implementation on the ZyWALL 816 50.7.3 Requirements for Using SSH 816 50.7.4 Configuring SSH ...816 50.7.5 Secure Telnet Using... 50.12 Vantage CNM ...829 50.12.1 Configuring Vantage CNM 830 50.13 Language Screen ...832 Chapter 51 Log and Report ...833 51.1 Overview ...833 ZyWALL USG 1000 User's Guide 27
... ...798 50.6.4 Configuring WWW Service Control 799 50.6.5 Service Control Rules 803 50.6.6 Customizing the WWW Login Page 803 50.6.7 HTTPS Example ...807 50.7 SSH ...814 50.7.1 How SSH Works ...815 50.7.2 SSH Implementation on the ZyWALL 816 50.7.3 Requirements for Using SSH 816 50.7.4 Configuring SSH ...816 50.7.5 Secure Telnet Using... 50.12 Vantage CNM ...829 50.12.1 Configuring Vantage CNM 830 50.13 Language Screen ...832 Chapter 51 Log and Report ...833 51.1 Overview ...833 ZyWALL USG 1000 User's Guide 27
User Guide
Page 48
... Type the user name (default: "admin") and password (default: "1234"). By default, the ZyWALL automatically routes this setting. Enter it is recommended to http://192.168.1.1. If you log in. 4 Click Login. Chapter 3 Web Configurator 2 Open your account is configured to use an ASAS authentication server, use ...the token to generate a number. Otherwise, the dashboard (Figure 21 on page 52) appears. The Login screen appears. Figure 20 Update Admin Info Screen 52 ZyWALL USG 1000 User's Guide If your web browser, and go to keep this request to its HTTPS server, and it in...
... Type the user name (default: "admin") and password (default: "1234"). By default, the ZyWALL automatically routes this setting. Enter it is recommended to http://192.168.1.1. If you log in. 4 Click Login. Chapter 3 Web Configurator 2 Open your account is configured to use an ASAS authentication server, use ...the token to generate a number. Otherwise, the dashboard (Figure 21 on page 52) appears. The Login screen appears. Figure 20 Update Admin Info Screen 52 ZyWALL USG 1000 User's Guide If your web browser, and go to keep this request to its HTTPS server, and it in...
User Guide
Page 49
... using its default configuration (see Chapter 4 on page 67); If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is divided into these parts (as shown next. title bar ZyWALL USG 1000 User's Guide 53 Figure 21 Dashboard A C B D 3.3 Web Configurator Screens Overview The Web Configurator screen is using the default user name... this screen does not appear anymore. If you change the password for the default user account, this screen. If you change the default password, the Login screen (Figure 19 on page 53): • A -
... using its default configuration (see Chapter 4 on page 67); If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is divided into these parts (as shown next. title bar ZyWALL USG 1000 User's Guide 53 Figure 21 Dashboard A C B D 3.3 Web Configurator Screens Overview The Web Configurator screen is using the default user name... this screen does not appear anymore. If you change the password for the default user account, this screen. If you change the default password, the Login screen (Figure 19 on page 53): • A -
User Guide
Page 51
...Web Configurator hide the navigation panel menus or drag it to suit your needs. Login Users Lists the users currently logged into the ZyWALL. DDNS Status Displays the status of the ZyWALL's DDNS domain names. ZyWALL USG 1000 User's Guide 55 See Chapter 9 on page 209 for each physical port.... usage, licensed service status, and interface status in widgets that have received an IP address from ZyWALL interfaces using IP/MAC binding. The following sections introduce the ZyWALL's navigation panel menus and their screens. IP/MAC Binding Lists the devices that you can re-...
...Web Configurator hide the navigation panel menus or drag it to suit your needs. Login Users Lists the users currently logged into the ZyWALL. DDNS Status Displays the status of the ZyWALL's DDNS domain names. ZyWALL USG 1000 User's Guide 55 See Chapter 9 on page 209 for each physical port.... usage, licensed service status, and interface status in widgets that have received an IP address from ZyWALL interfaces using IP/MAC binding. The following sections introduce the ZyWALL's navigation panel menus and their screens. IP/MAC Binding Lists the devices that you can re-...
User Guide
Page 55
...ZyWALL USG 1000 User's Guide 59 Setting Manage default settings for all users, general settings for the ZyWALL. Address Address Create and manage host, range, and network (subnet) addresses. Configure the default Active Directory settings. RADIUS-Group Create and manage groups of services. Login Page Configure how the login... objects. Service Service Create and manage TCP and UDP services. Certificate My Certificates Create and manage the ZyWALL's certificates. Chapter 3 Web Configurator Table 6 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB ...
...ZyWALL USG 1000 User's Guide 59 Setting Manage default settings for all users, general settings for the ZyWALL. Address Address Create and manage host, range, and network (subnet) addresses. Configure the default Active Directory settings. RADIUS-Group Create and manage groups of services. Login Page Configure how the login... objects. Service Service Create and manage TCP and UDP services. Certificate My Certificates Create and manage the ZyWALL's certificates. Chapter 3 Web Configurator Table 6 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB ...
User Guide
Page 133
... for the application patrol service. You can subscribe using the Configuration > Licensing > Registration screens or using the Web Configurator login screen before they can use any HTTP/HTTPS application), the Login screen appears. ZyWALL USG 1000 User's Guide 137 Chapter 7 Tutorials Note: The users will have to log in the RADIUS server. 7.6.4 Web Surfing Policies...
... for the application patrol service. You can subscribe using the Configuration > Licensing > Registration screens or using the Web Configurator login screen before they can use any HTTP/HTTPS application), the Login screen appears. ZyWALL USG 1000 User's Guide 137 Chapter 7 Tutorials Note: The users will have to log in the RADIUS server. 7.6.4 Web Surfing Policies...
User Guide
Page 142
...7.8.2 Configure the Authentication Policy Click Configuration > Auth. Chapter 7 Tutorials Repeat as needed to open the Endpoint Security Edit screen. Policy > Add 146 ZyWALL USG 1000 User's Guide Use this screen to configure an authentication policy to use endpoint security objects. • Enable the policy and name it. • ...all users. • Select Force User Authentication to redirect the HTTP traffic of users who are not yet logged in to the ZyWALL's login screen. • Enable EPS checking and move the EPS objects you created to the selected list. • Click OK. Figure 100 ...
...7.8.2 Configure the Authentication Policy Click Configuration > Auth. Chapter 7 Tutorials Repeat as needed to open the Endpoint Security Edit screen. Policy > Add 146 ZyWALL USG 1000 User's Guide Use this screen to configure an authentication policy to use endpoint security objects. • Enable the policy and name it. • ...all users. • Select Force User Authentication to redirect the HTTP traffic of users who are not yet logged in to the ZyWALL's login screen. • Enable EPS checking and move the EPS objects you created to the selected list. • Click OK. Figure 100 ...
User Guide
Page 143
Click Close to return to the Web Configurator) and separate rules that control HTTP and HTTPS ZyWALL USG 1000 User's Guide 147 Figure 102 Example: Endpoint Security Error Message 7.9 How to Configure Service Control Service control lets you configure rules that control HTTP and HTTPS management access (to the login screen. Policy Chapter 7 Tutorials The following figure shows an error message example when a user's computer does not meet an endpoint security object's requirements. 4 Turn on authentication policy and click Apply. Figure 101 Configuration > Auth.
Click Close to return to the Web Configurator) and separate rules that control HTTP and HTTPS ZyWALL USG 1000 User's Guide 147 Figure 102 Example: Endpoint Security Error Message 7.9 How to Configure Service Control Service control lets you configure rules that control HTTP and HTTPS management access (to the login screen. Policy Chapter 7 Tutorials The following figure shows an error message example when a user's computer does not meet an endpoint security object's requirements. 4 Turn on authentication policy and click Apply. Figure 101 Configuration > Auth.
User Guide
Page 210
... for the interface. VPN Status Click this to look at the VPN tunnels that can appear. See Section 9.2.5 on page 220. 214 ZyWALL USG 1000 User's Guide Chapter 9 Dashboard Table 21 Dashboard (continued) LABEL DESCRIPTION Action Use this field to get or to a DHCP server. Extension...the number of the device connected to stop a PPPoE/PPTP or auxiliary interface's connection. Current Login User This field displays the user name used to log in to the Login Users ZyWALL. See Section 9.2.1 on page 239 for specific MAC addresses. System Status System Uptime This ...
... for the interface. VPN Status Click this to look at the VPN tunnels that can appear. See Section 9.2.5 on page 220. 214 ZyWALL USG 1000 User's Guide Chapter 9 Dashboard Table 21 Dashboard (continued) LABEL DESCRIPTION Action Use this field to get or to a DHCP server. Extension...the number of the device connected to stop a PPPoE/PPTP or auxiliary interface's connection. Current Login User This field displays the user name used to log in to the Login Users ZyWALL. See Section 9.2.1 on page 239 for specific MAC addresses. System Status System Uptime This ...
User Guide
Page 216
...is clear, this screen. To access this field, and then click Apply. Figure 214 Dashboard > Number of the users currently logged into the ZyWALL. This field is reserved. Click the column's heading cell to a DHCP client or reserved for dynamic DHCP entries. "None" shows here ... is not associated with a specific entry. Interface This field identifies the interface that assigned an IP address to look at a list of Login Users 220 ZyWALL USG 1000 User's Guide The IP address is currently assigned or for a static DHCP entry. Click the heading cell again to a DHCP client....
...is clear, this screen. To access this field, and then click Apply. Figure 214 Dashboard > Number of the users currently logged into the ZyWALL. This field is reserved. Click the column's heading cell to a DHCP client or reserved for dynamic DHCP entries. "None" shows here ... is not associated with a specific entry. Interface This field identifies the interface that assigned an IP address to look at a list of Login Users 220 ZyWALL USG 1000 User's Guide The IP address is currently assigned or for a static DHCP entry. Click the heading cell again to a DHCP client....
User Guide
Page 217
... IP address of lease time remaining for each user who is not associated with any entry. ZyWALL USG 1000 User's Guide 221 Table 27 Dashboard > Number of each user. User ID This field displays the user name of Login Users LABEL DESCRIPTION # This field is a sequential value and is currently logged in this icon...
... IP address of lease time remaining for each user who is not associated with any entry. ZyWALL USG 1000 User's Guide 221 Table 27 Dashboard > Number of each user. User ID This field displays the user name of Login Users LABEL DESCRIPTION # This field is a sequential value and is currently logged in this icon...
User Guide
Page 219
... System Status > IP/MAC Binding screen (Section 10.7 on page 236) lists the devices that have received an IP address from ZyWALL interfaces with IP/MAC binding enabled. • Use the System Status > Login Users screen (Section 10.8 on page 238) to look at a list of the users currently logged into the...; Use the VPN Monitor > SSL screen (see Section 10.12 on page 248) to list the users currently logged into the VPN SSL client portal. ZyWALL USG 1000 User's Guide 223 You can also log out individual users and delete related session information.
... System Status > IP/MAC Binding screen (Section 10.7 on page 236) lists the devices that have received an IP address from ZyWALL interfaces with IP/MAC binding enabled. • Use the System Status > Login Users screen (Section 10.8 on page 238) to look at a list of the users currently logged into the...; Use the VPN Monitor > SSL screen (see Section 10.12 on page 248) to list the users currently logged into the VPN SSL client portal. ZyWALL USG 1000 User's Guide 223 You can also log out individual users and delete related session information.
User Guide
Page 233
... following table describes the labels in this screen, click Monitor > System Status > Login Users. Reauth Lease T. See Chapter 40 on page 689. Type This field displays the way the user logged in to the ZyWALL. Force Logout Click this interface. ZyWALL USG 1000 User's Guide 237 Chapter 10 Monitor Table 35 Monitor > System Status > IP...
... following table describes the labels in this screen, click Monitor > System Status > Login Users. Reauth Lease T. See Chapter 40 on page 689. Type This field displays the way the user logged in to the ZyWALL. Force Logout Click this interface. ZyWALL USG 1000 User's Guide 237 Chapter 10 Monitor Table 35 Monitor > System Status > IP...
User Guide
Page 243
...number. Table 42 Monitor > VPN Monitor > SSL LABEL DESCRIPTION Disconnect Select a connection and click this button to establish this SSL VPN connection. ZyWALL USG 1000 User's Guide 247 Refresh Click Refresh to display the user list. Figure 229 Monitor > VPN Monitor > SSL The following : • ... Chapter 10 Monitor 10.12 The SSL Connection Monitor Screen The ZyWALL keeps track of bytes transmitted by the ZyWALL on this connection. Use this screen to establish this SSL VPN connection. Login Address This field displays the IP address the user used to ...
...number. Table 42 Monitor > VPN Monitor > SSL LABEL DESCRIPTION Disconnect Select a connection and click this button to establish this SSL VPN connection. ZyWALL USG 1000 User's Guide 247 Refresh Click Refresh to display the user list. Figure 229 Monitor > VPN Monitor > SSL The following : • ... Chapter 10 Monitor 10.12 The SSL Connection Monitor Screen The ZyWALL keeps track of bytes transmitted by the ZyWALL on this connection. Use this screen to establish this SSL VPN connection. Login Address This field displays the IP address the user used to ...
User Guide
Page 382
... > NAT LABEL DESCRIPTION Add Click this screen, login to Know NAT is also known as virtual server, port forwarding, or port translation. In addition, this screen. The following table describes the labels in this screen allows you can modify the entry's settings. 388 ZyWALL USG 1000 User's Guide Chapter 19 NAT 19.1.2 What You...
... > NAT LABEL DESCRIPTION Add Click this screen, login to Know NAT is also known as virtual server, port forwarding, or port translation. In addition, this screen. The following table describes the labels in this screen allows you can modify the entry's settings. 388 ZyWALL USG 1000 User's Guide Chapter 19 NAT 19.1.2 What You...
User Guide
Page 410
...Section 7.8 on page 144 for an example of making users for anyone who has not logged in order to gain access. The ZyWALL does display the Login screen when users attempt to send other kinds of computers with HTTP traffic only. Note: This works with different OSs or security.... Chapter 23 Authentication Policy 23.1.2 What You Need to Know Authentication Policy and VPN Authentication policies are applied based on the ZyWALL. 416 ZyWALL USG 1000 User's Guide If VPN traffic matches an authentication policy's source and destination IP addresses, the user must match one .
...Section 7.8 on page 144 for an example of making users for anyone who has not logged in order to gain access. The ZyWALL does display the Login screen when users attempt to send other kinds of computers with HTTP traffic only. Note: This works with different OSs or security.... Chapter 23 Authentication Policy 23.1.2 What You Need to Know Authentication Policy and VPN Authentication policies are applied based on the ZyWALL. 416 ZyWALL USG 1000 User's Guide If VPN traffic matches an authentication policy's source and destination IP addresses, the user must match one .