User Guide
Page 29
... the ZyWALL. 1.1 Overview and Key Default Settings The ZyWALL is a comprehensive security device. You can set up multiple networks for reliable, secure service. Alternatively, you can also use a 3G cellular USB (not included) for connecting publicly accessible servers. Flexible configuration helps you set ports to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. It explains the front panel ports, LEDs, introduces the management methods, and lists different ways to a wall. The ZyWALL lets you set up the network and...
User Guide
Page 49
...-3 traffic rules. VPN IPSec VPN VPN Connection Configure IPSec tunnels. VPN Gateway Configure IKE tunnels. ZyWALL USG 20/20W User's Guide 49 PPP Create and manage PPPoE and PPTP interfaces. NAT Set up and manage HTTP redirection rules. Exempt List Configure ranges of interfaces) for load balancing and link High Availability (HA). Session Limit Limit the number of concurrent client NAT/firewall sessions. Static Route Create and manage IP static routing information. Bridge Create and manage bridges and virtual bridge interfaces. SSL VPN Access Privilege Configure...
User Guide
Page 147
... Interface 1 Click Configuration > Network > Interface > WLAN > Add to open the WLAN Add screen. For each WLAN user, set up a user account containing the user name and password the WLAN user needs to enter to connect to the wireless LAN. 1 Click Configuration > Object > User/Group > User and the Add icon. 2 Set the User Name to create a WLAN interface that uses WPA or WPA2 security and the ZyWALL's local user database for authentication. 7.13.1 Set Up User Accounts The ZyWALL supports TTLS using PAP so you install the wireless LAN card. ZyWALL USG 20/20W User's Guide...
User Guide
Page 168
... time in a slot. The Ethernet interface is none. This is a backup). This field displays the current status of the interface (if it is the master) or the management IP address (if it is a member of the ZyWALL's extension slots or USB ports. If the interface is currently using. Device This identifies a device installed in one MAC address. VPN Status Click this field displays the IP address it is either the static IP address of each interface or device installed...
User Guide
Page 170
... field displays the current IP address assigned to stop a PPPoE/PPTP connection. This identifies the licensed service. 170 ZyWALL USG 20/20W User's Guide This shows how many licensed services there are . This field displays the port speed and duplex setting (Full or Half). (For USG 20W only) The status for the status that can appear. Action Extension Slot Slot Device Status Licensed Service Status # Status Name If this interface is a member of...
User Guide
Page 182
... to the network. 182 ZyWALL USG 20/20W User's Guide This field displays the current status of the interface (if it is the master) or the management IP address (if it is . If the VLAN or bridge interface is disabled, it does not appear in the list. For Ethernet interfaces: Inactive - If the PPP interface is enabled and connected. This interface has a static IP address. Examples include DHCP relay, DHCP server, DDNS, RIP, and OSPF. The Ethernet interface is disabled, it does...
User Guide
Page 223
... an example. This field displays the interface's subnet mask in virtual interfaces. Click Reset to return the screen to open a screen where you configure IP address assignment, interface parameters, RIP settings, OSPF settings, DHCP settings, connectivity check, and MAC address settings. To access this screen, click an Edit icon in the Ethernet Summary screen. (See Section 11.3 on an interface's IP address, subnet, or gateway, the ZyWALL automatically updates every rule or setting that shows which settings use Ethernet interfaces to the ZyWALL.
User Guide
Page 227
... the interface. External is for connecting to an external network (like the Internet). Port This is not used elsewhere. It is the name of the Ethernet interface's physical port. IP Address Assignment Get Automatically These IP address fields configure an IP address on page 715. If you change a related address object for traffic flowing from a DHCP server. Enter the IP address of your LAN interface, you want to an external interface. The ZyWALL automatically adds default SNAT settings for the network connected to a local network. The ZyWALL automatically adds...
User Guide
Page 238
... name or IP address for a response before the ZyWALL stops routing through this value is a failure. Usually, this interface. Enable Connectivity Check Select this to turn on the connection check. Check Period Enter the number of each data packet, in kilobits per second, the ZyWALL can move through the gateway. Enter that the gateway allows. Metric Enter the priority of seconds to wait for a TCP connectivity check. 238 ZyWALL USG 20/20W User's Guide Type the...
User Guide
Page 243
... your ISP instructed you to manually input the APN (Access Point Name) provided by your device settings yourself. You can use Profile 1 unless your service provider. Zero disables the idle timeout. Select Custom to configure your service provider. This field is traffic. Select Custom in the profile selection to be able to do otherwise). Enter the APN from the ISP's server. ZyWALL USG 20/20W User's Guide 243 This...
User Guide
Page 245
... can configure the interface as part of a WAN trunk for the connectivity check. Select tcp to it. IP Address Assignment ZyWALL USG 20/20W User's Guide 245 Enable Connectivity Check Select this to override the default routing and SNAT behavior for future use. MTU Maximum Transmission Unit. Allowed values are 0 - 1048576. Check Fail Tolerance Enter the number of consecutive failures before the ZyWALL stops routing through the interface. Gateway Check this address Check Port Select this to the gateway the first time the gateway passes the connectivity check...
User Guide
Page 254
... can use any security. Select none to turn on the external authentication server and ZyWALL. 254 ZyWALL USG 20/20W User's Guide The key is 1812). Description Enter a description of this screen. To make your wireless network more secure, change the default SSID to something that are available when you want the WLAN interface to 32 printable 7-bit ASCII characters) for the wireless LAN. Hide SSID Broadcast Select to guess. Wireless stations associating to enable wireless user authentication through...
User Guide
Page 262
... all clients. Chapter 11 Interfaces Table 63 Configuration > Network > Interface > WLAN > Add (WPA/WPA2 Security) LABEL DESCRIPTION Radius Server Port Enter the RADIUS server's listening port number (the default is allowed. Idle Timeout Group Key Update Timer Note: If wireless station authentication is also supported in order to the ZyWALL (allow only the specified MAC addresses, the ZyWALL does not immediately disconnect all stations in a WLAN on the external authentication server and ZyWALL. The wireless station needs to enter the user name and password...
User Guide
Page 270
... the connection check. Usually, this value is still available. Enable Connectivity Check Select this to tcp. Gateway Check this address Check Port Select this to use . DHCP Setting The DHCP settings are available for the connectivity check. Allowed values are 0 - 1048576. Check Method Select the method that was configured first. Check Default Select this to specify a domain name or IP address for the OPT, LAN and DMZ interfaces. 270 ZyWALL USG 20/20W User's Guide The lower the number, the higher the priority. MTU...
User Guide
Page 282
... icmp to have the ZyWALL regularly perform a TCP handshake with a specific entry. Gateway Check this address Check Port OK Cancel Select this to a device with this entry's MAC address. To access this screen, click an Add icon next to assign this entry's IP address. MAC Address Enter the MAC address to which to an Ethernet 282 ZyWALL USG 20/20W User's Guide Check Period Enter the number of consecutive failures before the ZyWALL stops routing to create a new entry...
User Guide
Page 310
... and Static Routes following example, you configure two services for each client computer. In order to use the same service on a different computer, you set the port(s) and IP address to request a service (incoming service). The ZyWALL records the IP address of a client computer that sends traffic to a remote server to forward a service (coming in brackets. With regular port forwarding, you have to the IP address of ports on the client side and a dedicated range of the client computer that port forwarding only forwards a service...
User Guide
Page 342
... destination IP address (Original IP). Chapter 17 NAT Table 95 Configuration > Network > NAT > Add (continued) LABEL Mapped IP Subnet/Range DESCRIPTION This field displays for the traffic it sends from the WAN to a LAN server, enabling NAT loopback allows users connected to other interfaces to access the Mapped IP device. this NAT rule supports for the traffic it sends to packets received on the rule's specified incoming interface. 342 ZyWALL USG 20/20W User's Guide Protocol Type Original Port Mapped Port Original Start Port Original End Port...
User Guide
Page 420
... use the same VPN tunnel to connect to verify the user name and password. In extended authentication, one of the negotiation mode (steps 7-10 in main mode, steps 4-7 in aggressive mode). 420 ZyWALL USG 20/20W User's Guide For example, this problem by the remote IPSec router. Most routers like router A now have to the remote IPSec router, or you can establish a VPN tunnel as long as the active protocol is provided by enabling NAT traversal. These steps...
User Guide
Page 557
.... This field is only available if the Address Type is RANGE. Enter the IP address of the network that this field cannot be blank. ZyWALL USG 20/20W User's Guide 557 Choices are based on page 555), and click either the Add icon or an Edit icon. Enter the IP address that are : HOST, RANGE, SUBNET, INTERFACE IP, INTERFACE SUBNET, and INTERFACE GATEWAY. Use dotted decimal format. This field cannot be...
User Guide
Page 957
... onboard flash 169 sessions 169, 173 user accounts for WLAN 147, 541 user authentication 539 external 540 local user database 575 user awareness 541 User Datagram Protocol, see UDP user group objects 539 user groups 539, 541 and content filtering 487 and firewall 386, 389 and policy routes 303, 304, 462, 464 ZyWALL USG 20/20W User's Guide Index configuration overview 104 user name rules 542 user objects 539 user portal links 615...