User Guide
Page 15
... 183 9.5 The Session Monitor Screen 186 9.6 The DDNS Status Screen 189 9.7 IP/MAC Binding Monitor ...189 9.8 The Login Users Screen 190 9.9 WLAN Status Screen ...191 9.10 The following table describes the labels in this menu.Cellular Status Screen 192 9....Expressions in Searching IPSec SAs 198 9.13 The SSL Connection Monitor Screen 198 9.14 The Content Filter Statistics Screen 200 9.15 Content Filter Cache Screen 202 9.16 The Anti-Spam Statistics Screen 204 9.17 The Anti-Spam Status Screen... Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
... 183 9.5 The Session Monitor Screen 186 9.6 The DDNS Status Screen 189 9.7 IP/MAC Binding Monitor ...189 9.8 The Login Users Screen 190 9.9 WLAN Status Screen ...191 9.10 The following table describes the labels in this menu.Cellular Status Screen 192 9....Expressions in Searching IPSec SAs 198 9.13 The SSL Connection Monitor Screen 198 9.14 The Content Filter Statistics Screen 200 9.15 Content Filter Cache Screen 202 9.16 The Anti-Spam Statistics Screen 204 9.17 The Anti-Spam Status Screen... Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
User Guide
Page 102
.... MENU ITEM(S) Configuration > BWM PREREQUISITES Zones Examples: Suppose you have not done so already (Configuration > Object > User/Group). 102 ZyWALL USG 20/20W User's Guide You can define which user accounts (or groups) can subscribe using the menu item or one of bandwidth and priorities. MENU ITEM(S) Configuration > Anti...already subscribed to specific categories of 200 kbps from LAN zone to WAN zone (default). 4 Set BWM inbound value to 200kbps and keep the default values for all other fields. 6.5.17 ADP Use ADP to WAN (FTP server). 1 Create user account for Bob. 2 Click ...
.... MENU ITEM(S) Configuration > BWM PREREQUISITES Zones Examples: Suppose you have not done so already (Configuration > Object > User/Group). 102 ZyWALL USG 20/20W User's Guide You can define which user accounts (or groups) can subscribe using the menu item or one of bandwidth and priorities. MENU ITEM(S) Configuration > Anti...already subscribed to specific categories of 200 kbps from LAN zone to WAN zone (default). 4 Set BWM inbound value to 200kbps and keep the default values for all other fields. 6.5.17 ADP Use ADP to WAN (FTP server). 1 Create user account for Bob. 2 Click ...
User Guide
Page 120
... using the RADIUS server. Click the Add icon. 120 ZyWALL USG 20/20W User's Guide Table 18 User-aware Access Control Example GROUP (USER) WEB SURFING WEB BANDWIDTH MSN Finance (Leo) Yes 200K No Engineer (Steven) Yes 100K No Sales (Debbie) Yes 100K Yes (M-F, 08:30~18:00) Boss ... will set up the following example, where you might create a script to create the user accounts instead. No LAN1-TODMZ ACCESS Yes No Yes Yes No No The users are authenticated by an external RADIUS server at 192.168.1.200. If it is a simple example that does not include priorities for specific...
... using the RADIUS server. Click the Add icon. 120 ZyWALL USG 20/20W User's Guide Table 18 User-aware Access Control Example GROUP (USER) WEB SURFING WEB BANDWIDTH MSN Finance (Leo) Yes 200K No Engineer (Steven) Yes 100K No Sales (Debbie) Yes 100K Yes (M-F, 08:30~18:00) Boss ... will set up the following example, where you might create a script to create the user accounts instead. No LAN1-TODMZ ACCESS Yes No Yes Yes No No The users are authenticated by an external RADIUS server at 192.168.1.200. If it is a simple example that does not include priorities for specific...
User Guide
Page 178
...users and delete related session information. • Use the Anti-X Statistics > Content Filter screen (Section 9.14 on page 200) to start or stop data collection and view content filter statistics. • Use the Anti-X Statistics > Content Filter > Cache screen (Section 9.15 on page 202) to view and configure your ZyWALL... 206) to see Section 9.13 on page 198) to list the users currently logged into the VPN SSL client portal. Figure 135 Monitor > System Status > Port Statistics 178 ZyWALL USG 20/20W User's Guide You can change the way the log is currently checking and DNSBL statistics...
...users and delete related session information. • Use the Anti-X Statistics > Content Filter screen (Section 9.14 on page 200) to start or stop data collection and view content filter statistics. • Use the Anti-X Statistics > Content Filter > Cache screen (Section 9.15 on page 202) to view and configure your ZyWALL... 206) to see Section 9.13 on page 198) to list the users currently logged into the VPN SSL client portal. Figure 135 Monitor > System Status > Port Statistics 178 ZyWALL USG 20/20W User's Guide You can change the way the log is currently checking and DNSBL statistics...
User Guide
Page 200
... are erased if you click Apply. All of the statistics are for the time period starting time displays after you restart the ZyWALL or click Flush Data. The format is year, month, day and hour, minute, second. Click Apply to save your changes... return the screen to the ZyWALL. Figure 149 Monitor > Anti-X Statistics > Content Filter 200 The following table describes the labels in this check box to have the ZyWALL collect content filtering statistics. Collecting starts over and a new collection start time displays. ZyWALL USG 20/20W User's Guide Chapter 9 Monitor 9.14 The...
... are erased if you click Apply. All of the statistics are for the time period starting time displays after you restart the ZyWALL or click Flush Data. The format is year, month, day and hour, minute, second. Click Apply to save your changes... return the screen to the ZyWALL. Figure 149 Monitor > Anti-X Statistics > Content Filter 200 The following table describes the labels in this check box to have the ZyWALL collect content filtering statistics. Collecting starts over and a new collection start time displays. ZyWALL USG 20/20W User's Guide Chapter 9 Monitor 9.14 The...
User Guide
Page 284
...200.200.200.1/24 wan1 For example, if the ZyWALL gets a packet with a destination address of 200.200.200.200, it routes the packet to the ZyWALL. Ingress Bandwidth OK Cancel This is used to exit this screen without saving. 11.10 Interface Technical Reference Here is always 255.255.255.255 284 ZyWALL USG 20/20W User's Guide... Click OK to save your changes back to interface lan1. Allowed values are 0 - 1048576. Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface. ...
...200.200.200.1/24 wan1 For example, if the ZyWALL gets a packet with a destination address of 200.200.200.200, it routes the packet to the ZyWALL. Ingress Bandwidth OK Cancel This is used to exit this screen without saving. 11.10 Interface Technical Reference Here is always 255.255.255.255 284 ZyWALL USG 20/20W User's Guide... Click OK to save your changes back to interface lan1. Allowed values are 0 - 1048576. Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface. ...
User Guide
Page 285
... is an optional setting for a Gateway IP ADDRESS(ES) DESTINATION 0.0.0.0/0 200.200.200.10 0 The gateway is a DHCP client. At the time of traffic the ZyWALL allows in the routing table. For these interfaces, you can only enter...200.200.200.100 on the network. Table 74 Example: Routing Table Entry for each interface. • Egress bandwidth sets the amount of traffic the ZyWALL sends out through the interface to the network. • Ingress bandwidth sets the amount of writing, the ZyWALL does not support ingress bandwidth management. ZyWALL USG 20/20W User's Guide...
... is an optional setting for a Gateway IP ADDRESS(ES) DESTINATION 0.0.0.0/0 200.200.200.10 0 The gateway is a DHCP client. At the time of traffic the ZyWALL allows in the routing table. For these interfaces, you can only enter...200.200.200.100 on the network. Table 74 Example: Routing Table Entry for each interface. • Egress bandwidth sets the amount of traffic the ZyWALL sends out through the interface to the network. • Ingress bandwidth sets the amount of writing, the ZyWALL does not support ingress bandwidth management. ZyWALL USG 20/20W User's Guide...
User Guide
Page 287
... POOL SIZE RANGE OF ASSIGNED IP ADDRESS 50.50.50.33 5 50.50.50.33 - 50.50.50.37 75.75.75.1 200 75.75.75.1 - 75.75.75.200 99.99.1.1 1023 99.99.1.1 - 99.99.4.255 120.120.120.100 100 120.120.120.100 - 120.120.120.199 The... interface assigns the corresponding IP address. The interface provides the same gateway you can have to DNS servers that provide DNS services for DHCP clients. ZyWALL USG 20/20W User's Guide 287 For example, if the interface's IP address is 9.9.9.1 and subnet mask is in the first entry, if the subnet mask is a Windows implementation...
... POOL SIZE RANGE OF ASSIGNED IP ADDRESS 50.50.50.33 5 50.50.50.33 - 50.50.50.37 75.75.75.1 200 75.75.75.1 - 75.75.75.200 99.99.1.1 1023 99.99.1.1 - 99.99.4.255 120.120.120.100 100 120.120.120.100 - 120.120.120.199 The... interface assigns the corresponding IP address. The interface provides the same gateway you can have to DNS servers that provide DNS services for DHCP clients. ZyWALL USG 20/20W User's Guide 287 For example, if the interface's IP address is 9.9.9.1 and subnet mask is in the first entry, if the subnet mask is a Windows implementation...
User Guide
Page 332
... doing so. After, you are using. To turn off an entry, select it and click Activate. The ZyWALL confirms you want to remove it automatically sends updated IP addresses to configure the ZyWALL. ZyWALL USG 20/20W User's Guide Figure 200 Configuration > Network > DDNS 332 The following screen. Finding Out More See Section 6.5.8 on page 98 for related...
... doing so. After, you are using. To turn off an entry, select it and click Activate. The ZyWALL confirms you want to remove it automatically sends updated IP addresses to configure the ZyWALL. ZyWALL USG 20/20W User's Guide Figure 200 Configuration > Network > DDNS 332 The following screen. Finding Out More See Section 6.5.8 on page 98 for related...
User Guide
Page 455
... the LAN1 so inbound means the traffic traveling from the LAN1 to the WAN. ZyWALL USG 20/20W User's Guide 455 Figure 279 LAN1 to WAN, Outbound 200 kbps, Inbound 500 kbps Outbound 200 kbps Inbound 500 kbps Bandwidth Management Priority • The ZyWALL gives bandwidth to WAN policy for other applications. Take a LAN1 to higher-priority traffic...
... the LAN1 so inbound means the traffic traveling from the LAN1 to the WAN. ZyWALL USG 20/20W User's Guide 455 Figure 279 LAN1 to WAN, Outbound 200 kbps, Inbound 500 kbps Outbound 200 kbps Inbound 500 kbps Bandwidth Management Priority • The ZyWALL gives bandwidth to WAN policy for other applications. Take a LAN1 to higher-priority traffic...
User Guide
Page 456
U. PRIORITY A 300 kbps No 1 B 200 kbps No 1 ACTUAL RATE 300 kbps 200 kbps Priority Effect Here the configured rates total more than the available bandwidth and maximize bandwidth usage is disabled, both servers get a larger... and policy B for FTP servers A and B. Table 127 Configured Rate Effect POLICY CONFIGURED RATE MAX. Yes Yes PRIORITY ACTUAL RATE 1 800 kbps 2 200 kbps 456 ZyWALL USG 20/20W User's Guide Bandwidth Management Behavior The following table the configured rates total less than the available bandwidth. Each server tries to send 1000 kbps, but the...
U. PRIORITY A 300 kbps No 1 B 200 kbps No 1 ACTUAL RATE 300 kbps 200 kbps Priority Effect Here the configured rates total more than the available bandwidth and maximize bandwidth usage is disabled, both servers get a larger... and policy B for FTP servers A and B. Table 127 Configured Rate Effect POLICY CONFIGURED RATE MAX. Yes Yes PRIORITY ACTUAL RATE 1 800 kbps 2 200 kbps 456 ZyWALL USG 20/20W User's Guide Bandwidth Management Behavior The following table the configured rates total less than the available bandwidth. Each server tries to send 1000 kbps, but the...
User Guide
Page 457
...unused bandwidth each ). The priority has no bandwidth with different priorities (as shown here) as a configuration error. B. U. ZyWALL USG 20/20W User's Guide 457 Chapter 28 Bandwidth Management Maximize Bandwidth Usage Effect With maximize bandwidth usage enabled, after each server gets its configured rate, ...a total of traffic with this configuration. You should regard extreme over allotment of 550 kbps. So server A gets its configured rate of 200 kbps plus 250 kbps for a total of 450 kbps. PRIORITY ACTUAL RATE A 1000 kbps Yes 1 999 kbps B 1000 kbps Yes...
...unused bandwidth each ). The priority has no bandwidth with different priorities (as shown here) as a configuration error. B. U. ZyWALL USG 20/20W User's Guide 457 Chapter 28 Bandwidth Management Maximize Bandwidth Usage Effect With maximize bandwidth usage enabled, after each server gets its configured rate, ...a total of traffic with this configuration. You should regard extreme over allotment of 550 kbps. So server A gets its configured rate of 200 kbps plus 250 kbps for a total of 450 kbps. PRIORITY ACTUAL RATE A 1000 kbps Yes 1 999 kbps B 1000 kbps Yes...
User Guide
Page 458
... an overview of if it is an outgoing call or an incoming call. HTTP: Any to Any Outbound: 200 Kbps Inbound: 200 Kbps Priority: 1 Max. B. FTP: WAN to 200 kbps. B. U. The ZyWALL applies this limit before sending the traffic to the WAN. • Inbound traffic (to the LAN and DMZ... from VIP users must be limited so it does not interfere with SIP and HTTP traffic. • FTP traffic from the LAN and DMZ) is limited to LAN or DMZ. 458 ZyWALL USG 20/20W User's Guide
... an overview of if it is an outgoing call or an incoming call. HTTP: Any to Any Outbound: 200 Kbps Inbound: 200 Kbps Priority: 1 Max. B. FTP: WAN to 200 kbps. B. U. The ZyWALL applies this limit before sending the traffic to the WAN. • Inbound traffic (to the LAN and DMZ... from VIP users must be limited so it does not interfere with SIP and HTTP traffic. • FTP traffic from the LAN and DMZ) is limited to LAN or DMZ. 458 ZyWALL USG 20/20W User's Guide
User Guide
Page 459
...Management Example Outbound: 200 kbps BWM BWM Inbound: 200 kbps 28.1.3.3 SIP WAN to Any Bandwidth Management Example You also create a policy for other applications (except SIP) to lower priorities so the local users' HTTP traffic gets... 283 HTTP Any to WAN Bandwidth Management Example • Inbound traffic gets more bandwidth as the local users will probably download more than they upload (and the ADSL connection supports this). • Second highest ....1.3.4 HTTP Any to WAN Bandwidth Management Example Outbound: 200 kbps BWM BWM Inbound: 500 kbps ZyWALL USG 20/20W User's Guide 459
...Management Example Outbound: 200 kbps BWM BWM Inbound: 200 kbps 28.1.3.3 SIP WAN to Any Bandwidth Management Example You also create a policy for other applications (except SIP) to lower priorities so the local users' HTTP traffic gets... 283 HTTP Any to WAN Bandwidth Management Example • Inbound traffic gets more bandwidth as the local users will probably download more than they upload (and the ADSL connection supports this). • Second highest ....1.3.4 HTTP Any to WAN Bandwidth Management Example Outbound: 200 kbps BWM BWM Inbound: 500 kbps ZyWALL USG 20/20W User's Guide 459
User Guide
Page 647
ZyWALL USG 20/20W User's Guide 647 Figure 378 Configuration > System > WWW > Service Control The following table describes the labels in the Service Control table to access the ZyWALL Web Configurator using secure HTTPs connections. Table 200 Configuration > System > WWW > Service Control LABEL DESCRIPTION HTTPS Enable Select the check box to allow or disallow the computer with the...
ZyWALL USG 20/20W User's Guide 647 Figure 378 Configuration > System > WWW > Service Control The following table describes the labels in the Service Control table to access the ZyWALL Web Configurator using secure HTTPs connections. Table 200 Configuration > System > WWW > Service Control LABEL DESCRIPTION HTTPS Enable Select the check box to allow or disallow the computer with the...
User Guide
Page 648
... ZyWALL (using the Web Configurator). To change an entry's position in the numbered list, select the method and click Move to display a field to type a number for where you change the HTTPS server port to use HTTPS to log into SSL VPN for example). Chapter 43 System Table 200... the rule to the number that traffic will match so the ZyWALL will not have certificates already configured in the Zone field (Accept) or not (Deny). 648 ZyWALL USG 20/20W User's Guide You must notify people who need to access the ZyWALL Web Configurator to traffic that has been imported as the URL....
... ZyWALL (using the Web Configurator). To change an entry's position in the numbered list, select the method and click Move to display a field to type a number for where you change the HTTPS server port to use HTTPS to log into SSL VPN for example). Chapter 43 System Table 200... the rule to the number that traffic will match so the ZyWALL will not have certificates already configured in the Zone field (Accept) or not (Deny). 648 ZyWALL USG 20/20W User's Guide You must notify people who need to access the ZyWALL Web Configurator to traffic that has been imported as the URL....
User Guide
Page 649
...access. This is the object name of the IP address(es) with the IP address specified above can access the ZyWALL. ZyWALL USG 20/20W User's Guide 649 The ZyWALL confirms you want to remove it and click Edit to be able to authenticate a client. Zone Address Action Authentication ... field to type a number for a service if needed, however you typed. Chapter 43 System Table 200 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION HTTP Enable Server Port Admin/User Service Control Add Edit Remove Move # Select the check box to allow or disallow the computer with...
...access. This is the object name of the IP address(es) with the IP address specified above can access the ZyWALL. ZyWALL USG 20/20W User's Guide 649 The ZyWALL confirms you want to remove it and click Edit to be able to authenticate a client. Zone Address Action Authentication ... field to type a number for a service if needed, however you typed. Chapter 43 System Table 200 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION HTTP Enable Server Port Admin/User Service Control Add Edit Remove Move # Select the check box to allow or disallow the computer with...
User Guide
Page 650
... Login Page Click Configuration > System > WWW > Login Page to open the Login Page screen. You can 650 ZyWALL USG 20/20W User's Guide Select ALL to allow or deny any ZyWALL zones from the specified computers. Chapter 43 System Table 200 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Apply Reset Click Apply to save your changes...
... Login Page Click Configuration > System > WWW > Login Page to open the Login Page screen. You can 650 ZyWALL USG 20/20W User's Guide Select ALL to allow or deny any ZyWALL zones from the specified computers. Chapter 43 System Table 200 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Apply Reset Click Apply to save your changes...
User Guide
Page 742
... Local Users Maximum Admin Users Maximum User Groups Maximum Users in One User Group OBJECTS Address Objects Address Groups Maximum address object in one group Service Objects 8 4 per interface 1 2 2 64 100 6000 1024 8K 128 up to 8 per PR rule up to interface limit 1000 500 500 64 5 16 64 100 25 64 200 742 ZyWALL USG 20/20W User's Guide
... Local Users Maximum Admin Users Maximum User Groups Maximum Users in One User Group OBJECTS Address Objects Address Groups Maximum address object in one group Service Objects 8 4 per interface 1 2 2 64 100 6000 1024 8K 128 up to 8 per PR rule up to interface limit 1000 500 500 64 5 16 64 100 25 64 200 742 ZyWALL USG 20/20W User's Guide
User Guide
Page 943
...491 policies 487, 488 prerequisites 102 registration status 215, 492, 497 reports, see content filtering reports statistics 200 testing 507 trial service activation 213 uncategorized pages 498 unsafe web pages 498 URL for blocked access 491 content...date/time 168, 631 and schedules 567 daylight savings 633 setting manually 635 time server 635 current user list 198 custom access user page 650 login page 650 custom signatures 731 custom.rules file 731 Index D Data Encryption Standard,... 417 DiffServ 309 Digital Signature Algorithm public-key algorithm, see DSA ZyWALL USG 20/20W User's Guide 943
...491 policies 487, 488 prerequisites 102 registration status 215, 492, 497 reports, see content filtering reports statistics 200 testing 507 trial service activation 213 uncategorized pages 498 unsafe web pages 498 URL for blocked access 491 content...date/time 168, 631 and schedules 567 daylight savings 633 setting manually 635 time server 635 current user list 198 custom access user page 650 login page 650 custom signatures 731 custom.rules file 731 Index D Data Encryption Standard,... 417 DiffServ 309 Digital Signature Algorithm public-key algorithm, see DSA ZyWALL USG 20/20W User's Guide 943