User Guide
Page 4
... all User Guide-related comments, questions or suggestions for the latest product updates and documentation from this link. Thank you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide More help is a collection of answers to www.zyxel.com for additional support documentation and product certifications. E-mail: techwriters@zyxel.com.tw Need More Help?
... all User Guide-related comments, questions or suggestions for the latest product updates and documentation from this link. Thank you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide More help is a collection of answers to www.zyxel.com for additional support documentation and product certifications. E-mail: techwriters@zyxel.com.tw Need More Help?
User Guide
Page 5
Customer Support Should problems arise that cannot be solved by the methods listed above, you bought the device. Every effort has been made to ensure that you ... firmware/software for your vendor. About This User's Guide • Forum This contains discussions on ZyXEL products. Disclaimer Graphics in operating systems, operating system versions, or if you took to differences in this manual is accurate. ZyWALL USG 20/20W User's Guide 5 Learn from the product due to solve it. If you cannot contact...
Customer Support Should problems arise that cannot be solved by the methods listed above, you bought the device. Every effort has been made to ensure that you ... firmware/software for your vendor. About This User's Guide • Forum This contains discussions on ZyXEL products. Disclaimer Graphics in operating systems, operating system versions, or if you took to differences in this manual is accurate. ZyWALL USG 20/20W User's Guide 5 Learn from the product due to solve it. If you cannot contact...
User Guide
Page 24
... Customizing the WWW Login Page 650 43.7.7 HTTPS Example ...654 43.8 SSH ...661 43.8.1 How SSH Works ...662 43.8.2 SSH Implementation on the ZyWALL 663 43.8.3 Requirements for Using SSH 663 43.8.4 Configuring SSH ...663 43.8.5 Secure Telnet Using SSH Examples 665 43.9 Telnet ...666 43.9.1 Configuring Telnet... Supported MIBs ...672 43.11.2 SNMP Traps ...672 43.11.3 Configuring SNMP 672 43.12 Vantage CNM ...674 43.12.1 Configuring Vantage CNM 675 43.13 Language Screen ...677 Chapter 44 Log and Report ...679 44.1 Overview ...679 44.1.1 What You Can Do In this Chapter 679 24 ZyWALL USG 20/...
... Customizing the WWW Login Page 650 43.7.7 HTTPS Example ...654 43.8 SSH ...661 43.8.1 How SSH Works ...662 43.8.2 SSH Implementation on the ZyWALL 663 43.8.3 Requirements for Using SSH 663 43.8.4 Configuring SSH ...663 43.8.5 Secure Telnet Using SSH Examples 665 43.9 Telnet ...666 43.9.1 Configuring Telnet... Supported MIBs ...672 43.11.2 SNMP Traps ...672 43.11.3 Configuring SNMP 672 43.12 Vantage CNM ...674 43.12.1 Configuring Vantage CNM 675 43.13 Language Screen ...677 Chapter 44 Log and Report ...679 44.1 Overview ...679 44.1.1 What You Can Do In this Chapter 679 24 ZyWALL USG 20/...
User Guide
Page 33
... and management using remote management (for example, SSH or Telnet) or via the ZyWALL USG 20/20W User's Guide 33 Orange On The ZyWALL is connected to the ZyWALL's USB port. P1~P5 Green Off There is not supported by the ZyWALL. Figure 2 Managing the ZyWALL: Web Configurator Command-Line Interface (CLI) The CLI allows you to use...
... and management using remote management (for example, SSH or Telnet) or via the ZyWALL USG 20/20W User's Guide 33 Orange On The ZyWALL is connected to the ZyWALL's USB port. P1~P5 Green Off There is not supported by the ZyWALL. Figure 2 Managing the ZyWALL: Web Configurator Command-Line Interface (CLI) The CLI allows you to use...
User Guide
Page 49
... domain names. ALG Configure SIP, H.323, and FTP pass-through settings. Policy Define rules to define various policies. ZyWALL USG 20/20W User's Guide 49 Routing Policy Route Create and manage routing policies. Zone Configure zones used to force user authentication....manage PPPoE and PPTP interfaces. HTTP Redirect Set up and manage port forwarding rules. Exempt List Configure ranges of IP addresses to each supported interface. IP/MAC Binding Summary Configure IP to MAC address bindings for users and groups. Firewall Firewall Create and manage level-3 traffic...
... domain names. ALG Configure SIP, H.323, and FTP pass-through settings. Policy Define rules to define various policies. ZyWALL USG 20/20W User's Guide 49 Routing Policy Route Create and manage routing policies. Zone Configure zones used to force user authentication....manage PPPoE and PPTP interfaces. HTTP Redirect Set up and manage port forwarding rules. Exempt List Configure ranges of IP addresses to each supported interface. IP/MAC Binding Summary Configure IP to MAC address bindings for users and groups. Firewall Firewall Create and manage level-3 traffic...
User Guide
Page 89
... or dmz) interface. • PPP interfaces support Point-to-Point Protocols (PPPoE or PPTP). In addition to being used in various features, interfaces also describe the network that is also possible to the ZyWALL. • Ethernet interfaces are required for defining other interfaces and network policies. ZyWALL USG 20/20W User's Guide 89 ISP accounts...
... or dmz) interface. • PPP interfaces support Point-to-Point Protocols (PPPoE or PPTP). In addition to being used in various features, interfaces also describe the network that is also possible to the ZyWALL. • Ethernet interfaces are required for defining other interfaces and network policies. ZyWALL USG 20/20W User's Guide 89 ISP accounts...
User Guide
Page 96
You must have Internet access to a zone. You can also use interfaces support Ethernet, PPPoE/PPTP, cellular, VLAN, and bridge interfaces. Note: When you assign it to myZyXEL.com. To configure dmz's settings, click ... 6.5.3 Interface See Section 6.2 on page 88 for bandwidth management (out of the features that use policy routes for background information. Most of the ZyWALL), port triggering, 96 ZyWALL USG 20/20W User's Guide MENU ITEM(S) PREREQUISITES Configuration > Network > Interface (except Network > Interface > Trunk) Port groups (configured in the Interface >...
You must have Internet access to a zone. You can also use interfaces support Ethernet, PPPoE/PPTP, cellular, VLAN, and bridge interfaces. Note: When you assign it to myZyXEL.com. To configure dmz's settings, click ... 6.5.3 Interface See Section 6.2 on page 88 for bandwidth management (out of the features that use policy routes for background information. Most of the ZyWALL), port triggering, 96 ZyWALL USG 20/20W User's Guide MENU ITEM(S) PREREQUISITES Configuration > Network > Interface (except Network > Interface > Trunk) Port groups (configured in the Interface >...
User Guide
Page 147
... > Interface > WLAN > Add to create a WLAN interface that uses WPA or WPA2 security and the ZyWALL's local user database for authentication. 7.13.1 Set Up User Accounts The ZyWALL supports TTLS using PAP so you install the wireless LAN card. Chapter 7 Tutorials the WLAN interfaces before or after... you can use the ZyWALL's local user database with WPA or WPA2 instead of needing an external RADIUS server. Enter (and re-enter) the user's password. ZyWALL USG 20...
... > Interface > WLAN > Add to create a WLAN interface that uses WPA or WPA2 security and the ZyWALL's local user database for authentication. 7.13.1 Set Up User Accounts The ZyWALL supports TTLS using PAP so you install the wireless LAN card. Chapter 7 Tutorials the WLAN interfaces before or after... you can use the ZyWALL's local user database with WPA or WPA2 instead of needing an external RADIUS server. Enter (and re-enter) the user's password. ZyWALL USG 20...
User Guide
Page 148
Select to which security settings the ZyWALL applies to DHCP Server. Set the Authentication Type to authenticate the users. The ZyWALL can modify it to the WLAN interface. Configure the interface's IP address and set it if you want to belong (the... settings are configured by zones. A (internal) name for the WLAN interface displays. Click OK. 148 ZyWALL USG 20/20W User's Guide If all of your wireless clients support WPA2, select WPA2-Enterprise as follows. Chapter 7 Tutorials 2 Edit this example). You can use its default authentication method (the local user ...
Select to which security settings the ZyWALL applies to DHCP Server. Set the Authentication Type to authenticate the users. The ZyWALL can modify it to the WLAN interface. Configure the interface's IP address and set it if you want to belong (the... settings are configured by zones. A (internal) name for the WLAN interface displays. Click OK. 148 ZyWALL USG 20/20W User's Guide If all of your wireless clients support WPA2, select WPA2-Enterprise as follows. Chapter 7 Tutorials 2 Edit this example). You can use its default authentication method (the local user ...
User Guide
Page 196
... the USB storage device is disabled (turned off) on page 630 for some reason the ZyWALL cannot mount it . Ready - the ZyWALL is not supported (unknown) by the ZyWALL. none - Unused - the use the USB storage device. Deactivated - This field displays ...ZyWALL USG 20/20W User's Guide OutofSpace - Detail This field displays any other information the ZyWALL retrieves from using the Remove Now button or for how to stop the ZyWALL from the USB storage device. Table 37 Monitor > System Status > USB Storage LABEL DESCRIPTION Device description This is not supported...
... the USB storage device is disabled (turned off) on page 630 for some reason the ZyWALL cannot mount it . Ready - the ZyWALL is not supported (unknown) by the ZyWALL. none - Unused - the use the USB storage device. Deactivated - This field displays ...ZyWALL USG 20/20W User's Guide OutofSpace - Detail This field displays any other information the ZyWALL retrieves from using the Remove Now button or for how to stop the ZyWALL from the USB storage device. Table 37 Monitor > System Status > USB Storage LABEL DESCRIPTION Device description This is not supported...
User Guide
Page 218
...IEEE 802.11b/g) connections via an installed wireless LAN card (for defining other types of interfaces--Ethernet, PPP, cellular, VLAN, bridge, and 218 ZyWALL USG 20/20W User's Guide See Section 11.2 on page 220 and Chapter 12 on page 289 for example) is a kind of interface. There are the...and subnet mask to the bridge. • PPP interfaces support Point-to-Point Protocols (PPP). You can take advantage of some security features in the ZyWALL. • Setting interfaces to the same port role forms a port group. The ZyWALL automatically adds or removes the tags as needed. Chapter 11...
...IEEE 802.11b/g) connections via an installed wireless LAN card (for defining other types of interfaces--Ethernet, PPP, cellular, VLAN, bridge, and 218 ZyWALL USG 20/20W User's Guide See Section 11.2 on page 220 and Chapter 12 on page 289 for example) is a kind of interface. There are the...and subnet mask to the bridge. • PPP interfaces support Point-to-Point Protocols (PPP). You can take advantage of some security features in the ZyWALL. • Setting interfaces to the same port role forms a port group. The ZyWALL automatically adds or removes the tags as needed. Chapter 11...
User Guide
Page 222
...> Network > Interface > Ethernet. The ZyWALL supports two routing protocols, RIP and OSPF. See Chapter 14 on top of interfaces, you cannot create new Ethernet interfaces nor can you can verify the gateway is effectively removed from the ZyWALL, but you delete any physical ports assigned...interface created on page 313 for background information about these routing protocols. Figure 158 Configuration > Network > Interface > Ethernet (USG 20W) 222 ZyWALL USG 20/20W User's Guide If an Ethernet interface does not have an IP address, subnet mask, and gateway used to control which...
...> Network > Interface > Ethernet. The ZyWALL supports two routing protocols, RIP and OSPF. See Chapter 14 on top of interfaces, you cannot create new Ethernet interfaces nor can you can verify the gateway is effectively removed from the ZyWALL, but you delete any physical ports assigned...interface created on page 313 for background information about these routing protocols. Figure 158 Configuration > Network > Interface > Ethernet (USG 20W) 222 ZyWALL USG 20/20W User's Guide If an Ethernet interface does not have an IP address, subnet mask, and gateway used to control which...
User Guide
Page 224
...• Set the priority used by RIP-2 packets - The ZyWALL can use subnet broadcasting or multicasting. The ZyWALL can receive routing information, send routing information, or do both versions. • Select the broadcasting method used to support in each direction - With OSPF, you can receive routing information..., send routing information, or do both. • Select which version of RIP to identify the DR or BDR if one does not exist. 224 ZyWALL USG 20/20W User's Guide The ZyWALL can use...
...• Set the priority used by RIP-2 packets - The ZyWALL can use subnet broadcasting or multicasting. The ZyWALL can receive routing information, send routing information, or do both versions. • Select the broadcasting method used to support in each direction - With OSPF, you can receive routing information..., send routing information, or do both. • Select which version of RIP to identify the DR or BDR if one does not exist. 224 ZyWALL USG 20/20W User's Guide The ZyWALL can use...
User Guide
Page 244
...field is read -only if you selected Device in the profile selection. Enter the 4-digit PIN code (0000 for outgoing calls. The ZyWALL supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). If this 3G card exactly as the service provider gave it to...to initialize the 3G card. The first character must be blocked by your ISP disabled PIN code authentication, enter an arbitrary number. 244 ZyWALL USG 20/20W User's Guide If you enter the PIN code incorrectly, the 3G card may be alphanumeric or -_@$./. Chapter 11 Interfaces Table 57 ...
...field is read -only if you selected Device in the profile selection. Enter the 4-digit PIN code (0000 for outgoing calls. The ZyWALL supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). If this 3G card exactly as the service provider gave it to...to initialize the 3G card. The first character must be blocked by your ISP disabled PIN code authentication, enter an arbitrary number. 244 ZyWALL USG 20/20W User's Guide If you enter the PIN code incorrectly, the 3G card may be alphanumeric or -_@$./. Chapter 11 Interfaces Table 57 ...
User Guide
Page 252
...Add (or Edit) to its last-saved settings. 11.6.1 WLAN Add/Edit Screen Use the strongest security that every wireless client in the wireless network supports. It displays as the personal version of WPA). • WPA2-PSK and WPA-PSK do not employ user authentication and are always static in ...-PSK security is recommended. • You can use WPA or WPA2 without using it is 0.0.0.0, the interface does not have to none. 252 ZyWALL USG 20/20W User's Guide WPA and WPA2 are also called user authentication. Click Apply to save your changes back to the security features you set the...
...Add (or Edit) to its last-saved settings. 11.6.1 WLAN Add/Edit Screen Use the strongest security that every wireless client in the wireless network supports. It displays as the personal version of WPA). • WPA2-PSK and WPA-PSK do not employ user authentication and are always static in ...-PSK security is recommended. • You can use WPA or WPA2 without using it is 0.0.0.0, the interface does not have to none. 252 ZyWALL USG 20/20W User's Guide WPA and WPA2 are also called user authentication. Click Apply to save your changes back to the security features you set the...
User Guide
Page 258
... stronger than WEP, use WPA-PSK or WPA2-PSK or WPA or WPA2 if your wireless devices support it. Click Cancel to the ZyWALL. Your ZyWALL allows you use the same WEP key to open the WLAN Edit screen. Use the strongest security mechanism that you... available. Its encryption can be broken by an attacker, using encryption keys. Figure 170 Configuration > Network > Interface > WLAN > Add (WEP Security) 258 ZyWALL USG 20/20W User's Guide Chapter 11 Interfaces Table 60 Configuration > Network > Interface > WLAN > Add (No Security) LABEL DESCRIPTION OK Cancel Click OK to save...
... stronger than WEP, use WPA-PSK or WPA2-PSK or WPA or WPA2 if your wireless devices support it. Click Cancel to the ZyWALL. Your ZyWALL allows you use the same WEP key to open the WLAN Edit screen. Use the strongest security mechanism that you... available. Its encryption can be broken by an attacker, using encryption keys. Figure 170 Configuration > Network > Interface > WLAN > Add (WEP Security) 258 ZyWALL USG 20/20W User's Guide Chapter 11 Interfaces Table 60 Configuration > Network > Interface > WLAN > Add (No Security) LABEL DESCRIPTION OK Cancel Click OK to save...
User Guide
Page 260
...security fields. 260 ZyWALL USG 20/20W User's Guide The only difference between the two is that WPA-PSK uses a simple common password, instead of automatically changing the group key for WPA and WPA-PSK are the same. The re-keying process is also supported in WPA-PSK...labels. Idle Timeout Group Key Update Timer Note: If a RADIUS server authenticates wireless stations, the reauthentication timer on a periodic basis. The ZyWALL automatically disconnects a wireless station from 8 to the WLAN interface. Setting of inactivity. The wireless station needs to enter the username and ...
...security fields. 260 ZyWALL USG 20/20W User's Guide The only difference between the two is that WPA-PSK uses a simple common password, instead of automatically changing the group key for WPA and WPA-PSK are the same. The re-keying process is also supported in WPA-PSK...labels. Idle Timeout Group Key Update Timer Note: If a RADIUS server authenticates wireless stations, the reauthentication timer on a periodic basis. The ZyWALL automatically disconnects a wireless station from 8 to the WLAN interface. Setting of inactivity. The wireless station needs to enter the username and ...
User Guide
Page 262
...all clients. Idle Timeout Group Key Update Timer Note: If wireless station authentication is the WPA equivalent of the Group Key Update Timer is also supported in a WLAN on the RADIUS server has priority. The re-keying process is done using a RADIUS server, the reauthentication timer on a periodic... (up to be the same on the devices' MAC addresses. The screen appears as the key to 31 alphanumeric characters) as shown. 262 ZyWALL USG 20/20W User's Guide The Group Key Update Timer is assigned at which the AP sends a new group key out to stay connected. This key...
...all clients. Idle Timeout Group Key Update Timer Note: If wireless station authentication is the WPA equivalent of the Group Key Update Timer is also supported in a WLAN on the RADIUS server has priority. The re-keying process is done using a RADIUS server, the reauthentication timer on a periodic... (up to be the same on the devices' MAC addresses. The screen appears as the key to 31 alphanumeric characters) as shown. 262 ZyWALL USG 20/20W User's Guide The Group Key Update Timer is assigned at which the AP sends a new group key out to stay connected. This key...
User Guide
Page 275
...and vlan1. Unlike the device-wide bridge mode in the table and sends the packet to the routing table. The bridge interfaces also support more functions, like interface bandwidth parameters, DHCP settings, and connectivity check. Table 69 Example: Routing Table Before and After Bridge Interface...records the source address 0B:0B:0B:0B:0B:0B and port 4 in the table. Chapter 11 Interfaces If computer B responds to or ZyWALL USG 20/20W User's Guide 275 For example, this example, virtual Ethernet interface lan1:1 is also removed from the routing table and adds the bridge ...
...and vlan1. Unlike the device-wide bridge mode in the table and sends the packet to the routing table. The bridge interfaces also support more functions, like interface bandwidth parameters, DHCP settings, and connectivity check. Table 69 Example: Routing Table Before and After Bridge Interface...records the source address 0B:0B:0B:0B:0B:0B and port 4 in the table. Chapter 11 Interfaces If computer B responds to or ZyWALL USG 20/20W User's Guide 275 For example, this example, virtual Ethernet interface lan1:1 is also removed from the routing table and adds the bridge ...
User Guide
Page 285
... send this case, you can specify it as a gateway in the routing table). ZyWALL USG 20/20W User's Guide 285 In this to happen with the lowest metric, or cost. In the example above, if the ZyWALL gets a packet with a destination address of the interfaces. At the time of each interface.... ZyWALL uses the gateway with DHCP clients. In this case, the ZyWALL creates the following entry in the routing table. In many interfaces, you can also let the IP address and subnet mask be DHCP clients. In general, the IP address and subnet mask of writing, the ZyWALL does not support ...
... send this case, you can specify it as a gateway in the routing table). ZyWALL USG 20/20W User's Guide 285 In this to happen with the lowest metric, or cost. In the example above, if the ZyWALL gets a packet with a destination address of the interfaces. At the time of each interface.... ZyWALL uses the gateway with DHCP clients. In this case, the ZyWALL creates the following entry in the routing table. In many interfaces, you can also let the IP address and subnet mask be DHCP clients. In general, the IP address and subnet mask of writing, the ZyWALL does not support ...