User Guide
Page 21
.../Edit Screen 542 33.3 User Group Summary Screen 545 33.3.1 Group Add/Edit Screen 546 33.4 Setting Screen ...547 33.4.1 Default User Authentication Timeout Settings Edit Screens 550 33.4.2 User Aware Login Example 552 33.5 User /Group Technical Reference 553 Chapter 34 Addresses...555 34.1 Overview ...555 34.1.1 What You Can Do... Screen 555 34.2.1 Address Add/Edit Screen 557 34.3 Address Group Summary Screen 558 34.3.1 Address Group Add/Edit Screen 559 Chapter 35 Services ...561 ZyWALL USG 20/20W User's Guide 21
.../Edit Screen 542 33.3 User Group Summary Screen 545 33.3.1 Group Add/Edit Screen 546 33.4 Setting Screen ...547 33.4.1 Default User Authentication Timeout Settings Edit Screens 550 33.4.2 User Aware Login Example 552 33.5 User /Group Technical Reference 553 Chapter 34 Addresses...555 34.1 Overview ...555 34.1.1 What You Can Do... Screen 555 34.2.1 Address Add/Edit Screen 557 34.3 Address Group Summary Screen 558 34.3.1 Address Group Add/Edit Screen 559 Chapter 35 Services ...561 ZyWALL USG 20/20W User's Guide 21
User Guide
Page 44
... setting. If your web browser, and go to generate a number. If you log in. 4 Click Login. By default, the ZyWALL automatically routes this request to its HTTPS server, and it in using the default user name and password, the Update Admin Info screen (Figure 7 on page 45) appears. The...Enter it is only good for one login. You must use the OTP (One-Time Password) token to http://192.168.1.1. The number is recommended to generate a new number the next time you logged in the One-Time Password field. Figure 7 Update Admin Info Screen 44 ZyWALL USG 20/20W User's Guide
... setting. If your web browser, and go to generate a number. If you log in. 4 Click Login. By default, the ZyWALL automatically routes this request to its HTTPS server, and it in using the default user name and password, the Update Admin Info screen (Figure 7 on page 45) appears. The...Enter it is only good for one login. You must use the OTP (One-Time Password) token to http://192.168.1.1. The number is recommended to generate a new number the next time you logged in the One-Time Password field. Figure 7 Update Admin Info Screen 44 ZyWALL USG 20/20W User's Guide
User Guide
Page 45
... ZyWALL USG 20/20W User's Guide 45 Follow the directions in this screen does not appear anymore. navigation panel • C - If you change the password for the default user account, this screen. Figure 8 Dashboard B A C 3.3 Web Configurator Screens Overview The Web Configurator screen is using the default user name and default password. If you change the default password, the Login...
... ZyWALL USG 20/20W User's Guide 45 Follow the directions in this screen does not appear anymore. navigation panel • C - If you change the password for the default user account, this screen. Figure 8 Dashboard B A C 3.3 Web Configurator Screens Overview The Web Configurator screen is using the default user name and default password. If you change the default password, the Login...
User Guide
Page 169
... go to the Session Monitor screen to system default configuration - ZyWALL USG 20/20W User's Guide 169 Fallback to see details about the ZyWALL's startup state. Hover your cursor over this field to display the Show CPU Usage icon that takes you to the Login Users ZyWALL. These are traversing the ZyWALL. Number of This field displays the number...
... go to the Session Monitor screen to system default configuration - ZyWALL USG 20/20W User's Guide 169 Fallback to see details about the ZyWALL's startup state. Hover your cursor over this field to display the Show CPU Usage icon that takes you to the Login Users ZyWALL. These are traversing the ZyWALL. Number of This field displays the number...
User Guide
Page 369
... policy in yet. The ZyWALL automatically displays the login screen whenever it routes HTTP traffic for the default authentication policy that the ZyWALL uses on traffic that dictates... when the policy applies. force - Source This displays the source address object to the login screen. Chapter 21 Authentication Policy Table 103 Configuration > Auth. unnecessary - required - You can edit the default rule but not delete it displays here. Users need to be authenticated. ZyWALL USG 20/20W...
... policy in yet. The ZyWALL automatically displays the login screen whenever it routes HTTP traffic for the default authentication policy that the ZyWALL uses on traffic that dictates... when the policy applies. force - Source This displays the source address object to the login screen. Chapter 21 Authentication Policy Table 103 Configuration > Auth. unnecessary - required - You can edit the default rule but not delete it displays here. Users need to be authenticated. ZyWALL USG 20/20W...
User Guide
Page 371
...of one that defines when the policy applies. ZyWALL USG 20/20W User's Guide 371 Users need to have the ZyWALL generate a log (log), log and alert (log alert) or not (no) for this to have the ZyWALL automatically display the login screen when users who have not logged in the... with the one that the most users should match last. Select an endpoint security object and use for packets that match the default policy. Select any endpoint security objects that require authentication. Click Cancel to remove them to be authenticated. Enable EPS Checking Select this...
...of one that defines when the policy applies. ZyWALL USG 20/20W User's Guide 371 Users need to have the ZyWALL generate a log (log), log and alert (log alert) or not (no) for this to have the ZyWALL automatically display the login screen when users who have not logged in the... with the one that the most users should match last. Select an endpoint security object and use for packets that match the default policy. Select any endpoint security objects that require authentication. Click Cancel to remove them to be authenticated. Enable EPS Checking Select this...
User Guide
Page 375
...you can configure a To-ZyWALL firewall rule (with From Any To ZyWALL direction) for the ZyWALL. ZyWALL USG 20/20W User's Guide 375 Firewall Rule Criteria The ZyWALL checks the schedule, user name (user's login name on the user name only. Chapter 22 Firewall To-ZyWALL Rules Rules with ZyWALL as the packet direction are...IP address and IP protocol type of the ZyWALL. By default: • The firewall allows only LAN, WLAN (USG 20W), or WAN computers to access or manage the ZyWALL. • The ZyWALL drops most packets from the WAN zone to the ZyWALL itself, except for ESP/AH/IKE/NATT/...
...you can configure a To-ZyWALL firewall rule (with From Any To ZyWALL direction) for the ZyWALL. ZyWALL USG 20/20W User's Guide 375 Firewall Rule Criteria The ZyWALL checks the schedule, user name (user's login name on the user name only. Chapter 22 Firewall To-ZyWALL Rules Rules with ZyWALL as the packet direction are...IP address and IP protocol type of the ZyWALL. By default: • The firewall allows only LAN, WLAN (USG 20W), or WAN computers to access or manage the ZyWALL. • The ZyWALL drops most packets from the WAN zone to the ZyWALL itself, except for ESP/AH/IKE/NATT/...
User Guide
Page 433
The domain name must be registered to one of the ZyWALL's DDNS entries. Do not include the host. The ZyWALL displays the normal login screen without the button for SSL VPN login. Leave this screen. ZyWALL USG 20/20W User's Guide 433 Chapter 24 SSL VPN 24.3 The SSL Global Setting Screen Click VPN >...Network Extension Local IP SSL VPN Login Domain Name SSL VPN Login Domain Name 1/2 Specify the IP address of two WAN ports. For example, www.zyxel.com is a fully qualified domain name where "www" is the host; Use this screen to the default settings unless it conflicts with another ...
The domain name must be registered to one of the ZyWALL's DDNS entries. Do not include the host. The ZyWALL displays the normal login screen without the button for SSL VPN login. Leave this screen. ZyWALL USG 20/20W User's Guide 433 Chapter 24 SSL VPN 24.3 The SSL Global Setting Screen Click VPN >...Network Extension Local IP SSL VPN Login Domain Name SSL VPN Login Domain Name 1/2 Specify the IP address of two WAN ports. For example, www.zyxel.com is a fully qualified domain name where "www" is the host; Use this screen to the default settings unless it conflicts with another ...
User Guide
Page 434
...Setting (continued) LABEL DESCRIPTION Message Login Message Specify a message to display on the screen when a user logs in and an SSL VPN connection is the default logo. Specify the location and...enter up to Default Apply Reset Note: The logo graphic must be displayed on the web browser on your computer to verify that the new logo displays properly. 434 ZyWALL USG 20/20W User's Guide... a message to display the ZyXEL company logo on the screen when a user logs out and the SSL VPN connection is terminated successfully. Click Reset Logo to Default to display on the remote ...
...Setting (continued) LABEL DESCRIPTION Message Login Message Specify a message to display on the screen when a user logs in and an SSL VPN connection is the default logo. Specify the location and...enter up to Default Apply Reset Note: The logo graphic must be displayed on the web browser on your computer to verify that the new logo displays properly. 434 ZyWALL USG 20/20W User's Guide... a message to display the ZyXEL company logo on the screen when a user logs out and the SSL VPN connection is terminated successfully. Click Reset Logo to Default to display on the remote ...
User Guide
Page 539
... • The Setting screen (see Section 33.3 on page 547) controls default settings, login settings, lockout settings, and other user groups. User accounts are the types of user accounts the ZyWALL uses. User Types These are used in firewall rules, in addition to controlling... page 545) provides a summary of a user logged into the ZyWALL. User groups may consist of User Accounts TYPE ABILITIES LOGIN METHOD(S) Admin Users admin Change ZyWALL configuration (web, CLI) WWW, TELNET, SSH, FTP, Console ZyWALL USG 20/20W User's Guide 539 You can also set up rules that control...
... • The Setting screen (see Section 33.3 on page 547) controls default settings, login settings, lockout settings, and other user groups. User accounts are the types of user accounts the ZyWALL uses. User Types These are used in firewall rules, in addition to controlling... page 545) provides a summary of a user logged into the ZyWALL. User groups may consist of User Accounts TYPE ABILITIES LOGIN METHOD(S) Admin Users admin Change ZyWALL configuration (web, CLI) WWW, TELNET, SSH, FTP, Console ZyWALL USG 20/20W User's Guide 539 You can also set up rules that control...
User Guide
Page 540
...in the remote server. 2 User account (Ext-User) in the ZyWALL. 3 Default user account for this user in the ZyWALL. Chapter 33 User/Group Table 151 Types of User Accounts (continued) TYPE ABILITIES LOGIN METHOD(S) limited-admin Look at ZyWALL configuration (web, CLI) WWW, TELNET, SSH, Console Access Users ...policies for this session to get the user type (see Table 151 on page 583, respectively.) Note: If the ZyWALL tries to set up specific policies for AD users (ad-users), LDAP users (ldap-users) or RADIUS users (radius-users) in the ZyWALL. 540 ZyWALL USG 20/20W User's Guide
...in the remote server. 2 User account (Ext-User) in the ZyWALL. 3 Default user account for this user in the ZyWALL. Chapter 33 User/Group Table 151 Types of User Accounts (continued) TYPE ABILITIES LOGIN METHOD(S) limited-admin Look at ZyWALL configuration (web, CLI) WWW, TELNET, SSH, Console Access Users ...policies for this session to get the user type (see Table 151 on page 583, respectively.) Note: If the ZyWALL tries to set up specific policies for AD users (ad-users), LDAP users (ldap-users) or RADIUS users (radius-users) in the ZyWALL. 540 ZyWALL USG 20/20W User's Guide
User Guide
Page 541
... 33 User/Group See Setting up the attributes in an external server. Note: You cannot put the default admin account into the ZyWALL to authenticate users with WPA or WPA2 instead of needing an external RADIUS server. User Groups User groups...See Section 37.2.1 on page 577 for a list of user accounts or other user groups. ZyWALL USG 20/20W User's Guide 541 If you can use via the ZyWALL, you want to group users by the value of creating separate rules for the AD or ... See Section 33.4.2 on page 552 for some information on page 553 for a user-aware login example.
... 33 User/Group See Setting up the attributes in an external server. Note: You cannot put the default admin account into the ZyWALL to authenticate users with WPA or WPA2 instead of needing an external RADIUS server. User Groups User groups...See Section 37.2.1 on page 577 for a list of user accounts or other user groups. ZyWALL USG 20/20W User's Guide 541 If you can use via the ZyWALL, you want to group users by the value of creating separate rules for the AD or ... See Section 33.4.2 on page 552 for some information on page 553 for a user-aware login example.
User Guide
Page 547
The order of this group and move them to move it routes traffic for the ZyWALL. Click OK to save your changes. 33.4 Setting Screen The Setting screen controls default settings, login settings, lockout settings, and other user settings for them . You can double-click a single entry to move them . You can also use... The Member list displays the names of the users and user groups that you do not want to be members of members is not important. ZyWALL USG 20/20W User's Guide 547
The order of this group and move them to move it routes traffic for the ZyWALL. Click OK to save your changes. 33.4 Setting Screen The Setting screen controls default settings, login settings, lockout settings, and other user settings for them . You can double-click a single entry to move them . You can also use... The Member list displays the names of the users and user groups that you do not want to be members of members is not important. ZyWALL USG 20/20W User's Guide 547
User Guide
Page 548
... settings. Double-click an entry or select it is not associated with a specific entry. 548 ZyWALL USG 20/20W User's Guide Figure 323 Configuration > Object > User/Group > Setting The following table describes the labels in this screen, login to use the default settings. You can modify the entry's settings. # This field is a sequential value, and it...
... settings. Double-click an entry or select it is not associated with a specific entry. 548 ZyWALL USG 20/20W User's Guide Figure 323 Configuration > Object > User/Group > Setting The following table describes the labels in this screen, login to use the default settings. You can modify the entry's settings. # This field is a sequential value, and it...
User Guide
Page 550
... must wait to try to login again, if logon retry limit is enabled and the maximum retry count is effective when Limit ... Type the maximum number of times each access user. These default authentication timeout settings also control the settings for any user account's authentication timeout settings. 550 ZyWALL USG 20/20W User's Guide Chapter 33...
... must wait to try to login again, if logon retry limit is enabled and the maximum retry count is effective when Limit ... Type the maximum number of times each access user. These default authentication timeout settings also control the settings for any user account's authentication timeout settings. 550 ZyWALL USG 20/20W User's Guide Chapter 33...
User Guide
Page 552
...Access users can select this check box to reset the lease time automatically 30 seconds before the ZyWALL automatically logs the access user out, regardless of the lease time. 552 ZyWALL USG 20/20W User's Guide timeout This field displays the amount of lease time that remains before it . Remaining...specify a lease time shorter than or equal to the one that you specified. The default value is the lease time that you specified. Chapter 33 User/Group 33.4.2 User Aware Login Example Access users cannot use the Web Configurator to browse the configuration of time remaining ...
...Access users can select this check box to reset the lease time automatically 30 seconds before the ZyWALL automatically logs the access user out, regardless of the lease time. 552 ZyWALL USG 20/20W User's Guide timeout This field displays the amount of lease time that remains before it . Remaining...specify a lease time shorter than or equal to the one that you specified. The default value is the lease time that you specified. Chapter 33 User/Group 33.4.2 User Aware Login Example Access users cannot use the Web Configurator to browse the configuration of time remaining ...
User Guide
Page 575
...to authenticate administrative users logging into the ZyWALL's Web Configurator or network access users logging into the network through the ZyWALL. You create and store user profile and login information on page 579) to configure the default external RADIUS server to use the ...to validate a large number of a database specialized for fast information retrieval and filtering activities. Normally, the directory structure reflects the geographical or ZyWALL USG 20/20W User's Guide 575 Chapter 37 AAA Server • Use the Configuration > Object > AAA Server > RADIUS screen (Section 37.3 on ...
...to authenticate administrative users logging into the ZyWALL's Web Configurator or network access users logging into the network through the ZyWALL. You create and store user profile and login information on page 579) to configure the default external RADIUS server to use the ...to validate a large number of a database specialized for fast information retrieval and filtering activities. Normally, the directory structure reflects the geographical or ZyWALL USG 20/20W User's Guide 575 Chapter 37 AAA Server • Use the Configuration > Object > AAA Server > RADIUS screen (Section 37.3 on ...
User Guide
Page 606
...login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority). Password Type the password (up to 31 ASCII characters) from the entity maintaining the OCSP server (usually a certification authority). Port Use this read -only fields display detailed information about the certificate. 606 ZyWALL USG 20/20W... 39 Certificates The following table describes the labels in order to assess the OCSP server. LDAP is the default server port number for LDAP. OCSP Server Select this check box if the directory server uses LDAP (Lightweight...
...login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority). Password Type the password (up to 31 ASCII characters) from the entity maintaining the OCSP server (usually a certification authority). Port Use this read -only fields display detailed information about the certificate. 606 ZyWALL USG 20/20W... 39 Certificates The following table describes the labels in order to assess the OCSP server. LDAP is the default server port number for LDAP. OCSP Server Select this check box if the directory server uses LDAP (Lightweight...
User Guide
Page 653
... 64 printable ASCII characters. Use up to set how the Web Configurator login screen looks. Spaces are allowed. Spaces are allowed. Customized Access Page Use this screen. Spaces are allowed. ZyWALL USG 20/20W User's Guide 653 Logo File You can upload a graphic logo to ...8226; Enter a pound sign (#) followed by commas. Table 202 Configuration > System > WWW > Login Page LABEL DESCRIPTION Select Type Select whether the Web Configurator uses the default login screen or one that you customize in the rest of the screen. Your desired color should display in...
... 64 printable ASCII characters. Use up to set how the Web Configurator login screen looks. Spaces are allowed. Spaces are allowed. Customized Access Page Use this screen. Spaces are allowed. ZyWALL USG 20/20W User's Guide 653 Logo File You can upload a graphic logo to ...8226; Enter a pound sign (#) followed by commas. Table 202 Configuration > System > WWW > Login Page LABEL DESCRIPTION Select Type Select whether the Web Configurator uses the default login screen or one that you customize in the rest of the screen. Your desired color should display in...
User Guide
Page 654
...Login Page LABEL DESCRIPTION Note Message Enter a note to the Web Configurator login screen; Specify the location and file name of the ZyWALL you wish to access. 43.7.7.1 Internet Explorer Warning Messages When you attempt to access the ZyWALL...No, then Web Configurator access is from the ZyWALL. Figure 383 Security Alert Dialog Box (Internet Explorer) 654 ZyWALL USG 20/20W User's Guide To use a color, select Color...back to the ZyWALL. Window Background Set how the window's background looks. Use up asking if you haven't changed the default HTTPS port on the ZyWALL, then in Internet...
...Login Page LABEL DESCRIPTION Note Message Enter a note to the Web Configurator login screen; Specify the location and file name of the ZyWALL you wish to access. 43.7.7.1 Internet Explorer Warning Messages When you attempt to access the ZyWALL...No, then Web Configurator access is from the ZyWALL. Figure 383 Security Alert Dialog Box (Internet Explorer) 654 ZyWALL USG 20/20W User's Guide To use a color, select Color...back to the ZyWALL. Window Background Set how the window's background looks. Use up asking if you haven't changed the default HTTPS port on the ZyWALL, then in Internet...