User Guide
Page 13
... Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File Manager ...106 6.7.4 Diagnostics ...106 6.7.5 Shutdown ...106 Chapter...113 7.3.2 Configure the WAN Trunk 114 7.4 How to Set Up an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13 Table of Contents 6.5.1 Feature...
User Guide
Page 50
...spam policies. DNSBL Have the ZyWALL check e-mail against DNS Black Lists. Create and manage groups of authenticating users. Method Create and manage ways of Active Directory Group servers. SSL Application Create SSL web application objects. 50 ZyWALL USG 20/20W User's Guide Chapter 3... Web Configurator Table 7 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION BWM Anti-X ADP General Display and manage ADP bindings. Black/White List Set up a black list to identify...
User Guide
Page 51
... configuration files for the ZyWALL. System Host Name Configure the system and domain name for the ZyWALL. SSH Configure SSH server and SSH service settings. SNMP Configure SNMP communities and services. ZyWALL USG 20/20W User's Guide 51...Setting Configure the system log, e-mail logs, and remote syslog servers. 3.3.2.4 Maintenance Menu Use the maintenance menu screens to be managed by the Vantage CNM server. Vantage CNM Configure and allow your ZyWALL to manage configuration and firmware files, run shell script files for the ZyWALL. DNS Configure the DNS...
User Guide
Page 74
...IP address(es) in this interface uses to connect to access it . The DNS server is extremely important because without it, you must know the IP address of the PPTP server. 74 ZyWALL USG 20/20W User's Guide Figure 37 Interface Wizard: Summary WAN (PPTP Shown) The ... and only appears for mapping a domain name to the right. Chapter 5 Quick Setup Table 11 WAN and ISP Connection Settings (continued) LABEL DESCRIPTION First DNS Server Second DNS Server These fields only display for a PPTP interface. Click Back to return to continue. 5.2.5 Quick Setup Interface Wizard: ...
User Guide
Page 75
... is Static, these fields display the DNS server IP address(es). Figure 38 VPN Quick Setup Wizard ZyWALL USG 20/20W User's Guide 75 This field ...displays to connect with your ISP. If you can be idle before the router automatically disconnects from the PPPoE server. 0 means no timeout. If the IP Address Assignment is static or dynamic (Auto). Yes means the ZyWALL uses the idle timeout. Second DNS...Up Idle Timeout Connection ID WAN Interface Zone IP Address Assignment First DNS Server This is the user name given to open the VPN ...
User Guide
Page 98
... zones, not interfaces, in many security settings, such as the interface on page 88 for the new zone. The ZyWALL helps maintain this mapping. MENU ITEM(S) Configuration > Network > DDNS PREREQUISITES Interface 6.5.9 NAT Use Network Address Translation (NAT) to the ZyWALL. MENU ITEM(S) Configuration > Network > NAT 98 ZyWALL USG 20/20W User's Guide Zones cannot overlap. Virtual... VPN WHERE USED Firewall, remote management, ADP Example: For example, to create the DMZ-2 zone, click Network > Zone and then the Add icon. 6.5.8 DDNS Dynamic DNS maps a domain name to at most one zone.
User Guide
Page 101
... Example: See Chapter 7 on page 107. 6.5.15 SSL VPN Use SSL VPN to -ZyWALL firewall, firewall WHERE USED Policy routes, zones Example: See Chapter 7 on page 107. The ZyWALL also offers hub-and-spoke VPN. ZyWALL USG 20/20W User's Guide 101 MENU ITEM(S) Configuration > VPN > IPSec VPN; MENU ITEM(S) ...Allow and the Log field set to provide secure communication between two sites over the Internet or any insecure network that uses TCP/IP for assigning to clients, DNS and WINS server addresses), to give remote users secure network access. Note: The ZyWALL checks the firewall rules ...
User Guide
Page 105
... address object for the administrator's computer. • Select the WAN zone. • Set the action to Accept. 6.7.2 Logs and Reports The ZyWALL provides a system log, offers two e-mail profiles to which to send log messages, and...ZyWALL. MENU ITEM(S) Configuration > System > DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM, Language PREREQUISITES To-ZyWALL firewall, zones, addresses, address groups, certificates (WWW, SSH, FTP, Vantage CNM), authentication methods (WWW) Example: Suppose you statistical reports on a daily basis. MENU ITEM(S) Configuration > Log & Report ZyWALL USG 20...
User Guide
Page 205
...the Anti-Spam > Status screen. Select Sender IP to set whether the ZyWALL forwards or drops sessions that the ZyWALL has detected. Use the Anti-Spam > General screen to list the source IP addresses from which the ZyWALL has detected the most spam. Top Sender By Use this... e-mails that the anti-spam feature can check the sender and relay IP addresses in an e-mail's header against DNS (Domain Name Service)-based spam Black Lists (DNSBLs). ZyWALL USG 20/20W User's Guide 205 This column displays the e-mail addresses from the sender. Chapter 9 Monitor Table 42 Monitor ...
User Guide
Page 229
...the network. Custom Defined - select the DNS server that another DHCP server for a TCP connectivity check. Chapter 11 Interfaces Table 51 Configuration > Network > Interface > Ethernet > Edit (continued) LABEL Check Port DHCP Setting DESCRIPTION This field only displays when you set the Check Method to the network. DHCP ... if the Subnet Mask is 255.255.255.0 and IP Pool Start Address is optional. enter a static IP address. From ISP - ZyWALL USG 20/20W User's Guide 229 Enter the IP address of this field is blank, the IP Pool Start Address must be blank. IP Pool...
User Guide
Page 255
...DHCP server for the network. DHCP Settings DHCP Select what part of DHCP service the ZyWALL provides to the network. DHCP Relay - Relay Server 1 Enter the IP address of traffic, in bytes, that can move through the interface. ZyWALL USG 20/20W User's Guide 255 Interface .... There is reserved for all computers in kilobits per second, the ZyWALL can receive from which the ZyWALL begins allocating IP addresses. the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to one or more DHCP servers you specify. DHCP Server...
User Guide
Page 256
... the information again. First DNS Server Second DNS Server Third DNS Server First WINS Server, Second WINS Server Lease time Static DHCP Table Add Edit Remove # IP Address MAC Address Description RIP Setting Enable RIP If this field is 10.10.10.10, the ZyWALL can be up to 10... > Interface > WLAN > Add (No Security) LABEL DESCRIPTION Pool Size Enter the number of IP addresses to enable RIP in this interface. 256 ZyWALL USG 20/20W User's Guide select this to the interface. Choices are currently using the interface's IP Pool Start Address and Pool Size. Configure a list of...
User Guide
Page 280
... from the network through the interface to its destination. Allowed values are : None - the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to a screen where you can configure the interface as the interface. Ingress Bandwidth This... - 1500. These fields appear if the ZyWALL is a DHCP Server. 280 ZyWALL USG 20/20W User's Guide Click Policy Route to go to the network. DHCP Setting DHCP Select what type of the gateway. DHCP Relay - These fields appear if the ZyWALL is a DHCP Relay. Relay Server 2 ...
User Guide
Page 286
... routes DHCP requests to re-assemble packets correctly. The maximum number of DNS servers) on different networks. DHCP Settings Dynamic Host Configuration Protocol (DHCP, RFC 2131, RFC 2132) provides a way to automatically set the bandwidth restrictions very high, you have to handle large data packets.... You can be able to do and usually uses available IP addresses more efficiently. On the other hand, some interfaces can assign its IP address to DHCP clients. 286 ZyWALL USG 20/20W...
User Guide
Page 331
... Dynamic DNS, Static DNS, and Custom DNS www.dyndns.com Dynu Basic, Premium www.dynu.com No-IP No-IP www.no-ip.com Peanut Hull Peanut Hull www.oray.cn 3322 3322 Dynamic DNS, 3322 Static DNS www.3322.org ZyWALL USG 20/20W User's Guide 331 Note: You must set up a dynamic DNS account ...with a supported DNS service provider before you can use the domain name to contact you (in this ...
User Guide
Page 334
... > Network > DDNS > Add The following table describes the labels in the ZyWALL. DDNS Type This field is case-sensitive. Table 93 Configuration > Network > DDNS > Add LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this screen. Profile Profile Name When you are editing an entry. Select the...domain name. Chapter 16 DDNS 16.2.1 The Dynamic DNS Add/Edit Screen The DDNS Add/Edit screen allows you to add a domain name to the ZyWALL or to edit the configuration of DDNS service you are using. 334 ZyWALL USG 20/20W User's Guide Enable DDNS Select this DDNS ...
User Guide
Page 368
...DNS as a member allows users' computers to create a new entry after the selected entry. Select an entry and click Add to resolve domain names into IP addresses. To turn on an entry, select it and click Edit to open a screen where you want to which you can modify the entry's settings.... Select any services you want to remove them. Figure 223 Configuration > Auth. Double-click an entry or select it and click Activate. ZyWALL USG 20/20W User's Guide Click Add to a different number in the list, click the Move icon. Select any service that users can configure....
User Guide
Page 375
... the firewall rules before the service control rules for traffic destined for DNS and NetBIOS traffic, and generates a log. ZyWALL USG 20/20W User's Guide 375 You can only access the network at the scheduled time. Global Firewall Rules Firewall rules with from an interface ... rules are called global firewall rules. Firewall Rule Criteria The ZyWALL checks the schedule, user name (user's login name on the ZyWALL), source IP address, destination IP address and IP protocol type of the ZyWALL. User Specific Firewall Rules You can set up a rule based on page 629 for traffic from any...
User Guide
Page 412
...be able to update the encryption and authentication keys and re-negotiate the IKE SA. DNS - This value is only used by an e-mail address; subject alternative name field...This does not affect any string. Type the maximum number of this description. Phase 1 Settings SA Life Time (Seconds) If you can use up to 31 ASCII characters including spaces,...ZyWALL and remote IPSec router have to distinguish between the ZyWALL and remote IPSec router. • You want the remote IPSec router to be any existing IPSec SAs, however. 412 ZyWALL USG 20/20W User's Guide If the ZyWALL...
User Guide
Page 637
...DNS Server Address Assignment The ZyWALL can get the DNS server address from the ISP. • You can also configure the ZyWALL to accept or discard DNS queries. Use the DNS screen to configure the ZyWALL to use a DNS server to the specified DHCP client devices. Figure 372 Configuration > System > DNS ZyWALL USG 20...DNS server IP addresses (along with the ZyWALL's WAN IP address), set the DNS server fields to get the DNS server addresses in the following ways. • The ISP tells you the DNS server addresses, usually in the DNS server fields. • If your ZyWALL's DNS settings....