User Guide
Page 14
... Set Up a Firewall Rule For H.323 135 7.10 How to Allow Public Access to a Web Server 136 7.10.1 Create the Address Objects 137 7.10.2 Configure NAT ...137 7.10.3 Set Up a Firewall Rule 138 7.11 How to Use an IPPBX on the DMZ 139 7.11.1 Turn On the ALG ...141 ... 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163 Chapter 8 Dashboard ...165 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
... Set Up a Firewall Rule For H.323 135 7.10 How to Allow Public Access to a Web Server 136 7.10.1 Create the Address Objects 137 7.10.2 Configure NAT ...137 7.10.3 Set Up a Firewall Rule 138 7.11 How to Use an IPPBX on the DMZ 139 7.11.1 Turn On the ALG ...141 ... 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163 Chapter 8 Dashboard ...165 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
User Guide
Page 33
... 3G USB card. The wireless function is sending or receiving packets on the ZyWALL. This User's Guide provides information about the Web Configurator. Web Configurator The Web Configurator allows easy ZyWALL setup and management using remote management (for example, SSH or Telnet) or via the ZyWALL USG 20/20W User's Guide 33 Figure 2 Managing the ZyWALL: Web Configurator Command-Line Interface (CLI...
... 3G USB card. The wireless function is sending or receiving packets on the ZyWALL. This User's Guide provides information about the Web Configurator. Web Configurator The Web Configurator allows easy ZyWALL setup and management using remote management (for example, SSH or Telnet) or via the ZyWALL USG 20/20W User's Guide 33 Figure 2 Managing the ZyWALL: Web Configurator Command-Line Interface (CLI...
User Guide
Page 48
...ZyWALL's wireless clients. WLAN Status (For USG 20W only) Displays the connection status of the ZyWALL's DDNS domain names. Traffic Statistics Collect and display traffic statistics. Login Users Lists the users currently logged into the VPN SSL client portal. Cellular Status Displays details about the ZyWALL... and display content filter statistics Cache Manage the ZyWALL's URL cache. Service View the licensed service status and upgrade licensed services. 48 ZyWALL USG 20/20W User's Guide Chapter 3 Web Configurator 3.3.2.2 Monitor Menu The monitor menu screens display ...
...ZyWALL's wireless clients. WLAN Status (For USG 20W only) Displays the connection status of the ZyWALL's DDNS domain names. Traffic Statistics Collect and display traffic statistics. Login Users Lists the users currently logged into the VPN SSL client portal. Cellular Status Displays details about the ZyWALL... and display content filter statistics Cache Manage the ZyWALL's URL cache. Service View the licensed service status and upgrade licensed services. 48 ZyWALL USG 20/20W User's Guide Chapter 3 Web Configurator 3.3.2.2 Monitor Menu The monitor menu screens display ...
User Guide
Page 49
... VPN Gateway Configure IKE tunnels. NAT Set up and manage HTTP redirection rules. Exempt List Configure ranges of IP addresses to force user authentication. ZyWALL USG 20/20W User's Guide 49 Cellular Configure a cellular Internet connection for users and groups. OSPF Configure device-level ...PPP Create and manage PPPoE and PPTP interfaces. IP/MAC Binding Summary Configure IP to MAC address bindings for an installed wireless LAN card. Global Setting Configure the ZyWALL's SSL VPN settings that apply to define various policies. Ethernet Manage Ethernet...
... VPN Gateway Configure IKE tunnels. NAT Set up and manage HTTP redirection rules. Exempt List Configure ranges of IP addresses to force user authentication. ZyWALL USG 20/20W User's Guide 49 Cellular Configure a cellular Internet connection for users and groups. OSPF Configure device-level ...PPP Create and manage PPPoE and PPTP interfaces. IP/MAC Binding Summary Configure IP to MAC address bindings for an installed wireless LAN card. Global Setting Configure the ZyWALL's SSL VPN settings that apply to define various policies. Ethernet Manage Ethernet...
User Guide
Page 146
... can configure 146 ZyWALL USG 20/20W User's Guide Specifying a Source Address is recommended. Figure 104 Configuring the Policy Route 7.13 How to Set Up a Wireless LAN This tutorial applies only to use the range of public IP addresses as the source address for WAN to Public-IPs and click OK. You can configure different interfaces to USG 20W. Chapter...
... can configure 146 ZyWALL USG 20/20W User's Guide Specifying a Source Address is recommended. Figure 104 Configuring the Policy Route 7.13 How to Set Up a Wireless LAN This tutorial applies only to use the range of public IP addresses as the source address for WAN to Public-IPs and click OK. You can configure different interfaces to USG 20W. Chapter...
User Guide
Page 147
... to create a WLAN interface that uses WPA or WPA2 security and the ZyWALL's local user database for authentication. 7.13.1 Set Up User Accounts The ZyWALL supports TTLS using PAP so you install the wireless LAN card. ZyWALL USG 20/20W User's Guide 147 Figure 105 Configuration > Object > User/Group > User > Add 3 Use the Add icon in similar fashion...
... to create a WLAN interface that uses WPA or WPA2 security and the ZyWALL's local user database for authentication. 7.13.1 Set Up User Accounts The ZyWALL supports TTLS using PAP so you install the wireless LAN card. ZyWALL USG 20/20W User's Guide 147 Figure 105 Configuration > Object > User/Group > User > Add 3 Use the Add icon in similar fashion...
User Guide
Page 148
... Type, otherwise select WPA/WPA-2-Enterprise. Configure the SSID (ZYXEL_WPA in this example). Select to which security settings the ZyWALL applies to . This determines which security zone you want the WLAN interface to authenticate the users. Click OK. 148 ZyWALL USG 20/20W User's Guide If all of your wireless clients support WPA2, select WPA2-Enterprise as...
... Type, otherwise select WPA/WPA-2-Enterprise. Configure the SSID (ZYXEL_WPA in this example). Select to which security settings the ZyWALL applies to . This determines which security zone you want the WLAN interface to authenticate the users. Click OK. 148 ZyWALL USG 20/20W User's Guide If all of your wireless clients support WPA2, select WPA2-Enterprise as...
User Guide
Page 150
... software if you how to have a wireless client (not included with the ZyWALL) use the wireless network. 7.13.3.1 Configure the ZyXEL Wireless Client Utility This example covers how to configure ZyXEL's wireless client utility (not included with the ZyWALL) to a rogue AP). 150 ZyWALL USG 20/20W User's Guide Figure 107 Configuration > Network > Interface > WLAN 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface...
... software if you how to have a wireless client (not included with the ZyWALL) use the wireless network. 7.13.3.1 Configure the ZyXEL Wireless Client Utility This example covers how to configure ZyXEL's wireless client utility (not included with the ZyWALL) to a rogue AP). 150 ZyWALL USG 20/20W User's Guide Figure 107 Configuration > Network > Interface > WLAN 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface...
User Guide
Page 152
In TTLS Protocol, select PAP. Click Next. Figure 111 ZyXEL Wireless Client > Profile: Security Settings 152 ZyWALL USG 20/20W User's Guide Configure wlan_user as the security type and click Next. Chapter 7 Tutorials 3 Select WPA2 as the Login Name and enter the account's password (also wlan_user in this example. Figure 110 ZyXEL Wireless Client > Profile: Security Type 4 Set the encryption type to TKIP and the EAP type to TTLS.
In TTLS Protocol, select PAP. Click Next. Figure 111 ZyXEL Wireless Client > Profile: Security Settings 152 ZyWALL USG 20/20W User's Guide Configure wlan_user as the security type and click Next. Chapter 7 Tutorials 3 Select WPA2 as the Login Name and enter the account's password (also wlan_user in this example. Figure 110 ZyXEL Wireless Client > Profile: Security Type 4 Set the encryption type to TKIP and the EAP type to TTLS.
User Guide
Page 154
... Section 7.13.3.4 on page 162. 7.13.3.2 Configure the Funk Odyssey Wireless Client This example shows how to configure Funk's Odyssey Access Client Manager wireless client software (not included with the ZyWALL) to use the WLAN interface. 1 Open the Odyssey wireless client software and click Profiles > Add. Figure 115 Odyssey Access Client Manager > Profiles 154 ZyWALL USG 20/20W User's Guide
... Section 7.13.3.4 on page 162. 7.13.3.2 Configure the Funk Odyssey Wireless Client This example shows how to configure Funk's Odyssey Access Client Manager wireless client software (not included with the ZyWALL) to use the WLAN interface. 1 Open the Odyssey wireless client software and click Profiles > Add. Figure 115 Odyssey Access Client Manager > Profiles 154 ZyWALL USG 20/20W User's Guide
User Guide
Page 157
... Use the next section to import the ZyWALL's certificate into the wireless client. 7.13.3.3 Wireless Clients Import the ZyWALL's Certificate You must import the ZyWALL's certificate into the wireless clients if they are to export the certificate the ZyWALL is using profile and select the profile you configured ("ZYXEL_WPA" in this example). ZyWALL USG 20/20W User's Guide 157 Chapter 7 Tutorials 6 Enter...
... Use the next section to import the ZyWALL's certificate into the wireless client. 7.13.3.3 Wireless Clients Import the ZyWALL's Certificate You must import the ZyWALL's certificate into the wireless clients if they are to export the certificate the ZyWALL is using profile and select the profile you configured ("ZYXEL_WPA" in this example). ZyWALL USG 20/20W User's Guide 157 Chapter 7 Tutorials 6 Enter...
User Guide
Page 161
You can see the newly imported certificate listed in the ZyWALL's My Certificates screen's Subject and Issuer fields (respectively). The values in the Issued To and Issued By fields should match those in the ...open after the import is being displayed, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). ZyWALL USG 20/20W User's Guide 161 Figure 127 Configuration > Object > Certificate > My Certificates Repeat the steps to import the certificate into each wireless client computer that is to validate the ZyWALL's certificate when using the WLAN interface.
You can see the newly imported certificate listed in the ZyWALL's My Certificates screen's Subject and Issuer fields (respectively). The values in the Issued To and Issued By fields should match those in the ...open after the import is being displayed, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). ZyWALL USG 20/20W User's Guide 161 Figure 127 Configuration > Object > Certificate > My Certificates Repeat the steps to import the certificate into each wireless client computer that is to validate the ZyWALL's certificate when using the WLAN interface.
User Guide
Page 217
... Ethernet interfaces, virtual VLAN interfaces, and virtual bridge interfaces. • Use the Trunk screens (Chapter 12 on page 222) to configure the Ethernet interfaces. You can only be associated with one Ethernet interface. • Use the Bridge screens (Section 11.9 on top...wireless LAN card. • Use the VLAN screens (Section 11.8 on page 264) to divide the physical network into a single network. • Use the Virtual Interface screen (Section 11.9.3 on top of interfaces used within the system operationally. VLAN interfaces receive and send tagged frames. ZyWALL USG 20/20W...
... Ethernet interfaces, virtual VLAN interfaces, and virtual bridge interfaces. • Use the Trunk screens (Chapter 12 on page 222) to configure the Ethernet interfaces. You can only be associated with one Ethernet interface. • Use the Bridge screens (Section 11.9 on top...wireless LAN card. • Use the VLAN screens (Section 11.8 on page 264) to divide the physical network into a single network. • Use the Virtual Interface screen (Section 11.9.3 on top of interfaces used within the system operationally. VLAN interfaces receive and send tagged frames. ZyWALL USG 20/20W...
User Guide
Page 218
...--Ethernet, PPP, cellular, VLAN, bridge, and 218 ZyWALL USG 20/20W User's Guide Port groups create a hardware connection between ...• WLAN interfaces are for wireless LAN (IEEE 802.11b/g) connections via an installed wireless LAN card (for example) is...USG 20W only). • Virtual interfaces provide additional routing information in the ZyWALL. Types of Interfaces You can create several types of interface). • An interface is a logical entity through which (layer-3) packets pass. • An interface is a kind of interface. RIP and OSPF are also configured in the ZyWALL...
...--Ethernet, PPP, cellular, VLAN, bridge, and 218 ZyWALL USG 20/20W User's Guide Port groups create a hardware connection between ...• WLAN interfaces are for wireless LAN (IEEE 802.11b/g) connections via an installed wireless LAN card (for example) is...USG 20W only). • Virtual interfaces provide additional routing information in the ZyWALL. Types of Interfaces You can create several types of interface). • An interface is a logical entity through which (layer-3) packets pass. • An interface is a kind of interface. RIP and OSPF are also configured in the ZyWALL...
User Guide
Page 239
...wireless technology. Click OK to save your changes back to mobile devices. Click Cancel to exit this interface. ZyWALL USG 20/20W User's Guide 239 It allows fast transfer of a WAN trunk for load balancing. Note: The actual data rate you obtain varies depending on the 3G card you can configure... and bandwidth is only allocated to users when they send data. Chapter 11 Interfaces Table 54 Configuration > Network > Interface > PPP > Add (continued) LABEL DESCRIPTION Related Setting Configure WAN TRUNK Policy Route OK Cancel Click WAN TRUNK to go to the screen where you can...
...wireless technology. Click OK to save your changes back to mobile devices. Click Cancel to exit this interface. ZyWALL USG 20/20W User's Guide 239 It allows fast transfer of a WAN trunk for load balancing. Note: The actual data rate you obtain varies depending on the 3G card you can configure... and bandwidth is only allocated to users when they send data. Chapter 11 Interfaces Table 54 Configuration > Network > Interface > PPP > Add (continued) LABEL DESCRIPTION Related Setting Configure WAN TRUNK Policy Route OK Cancel Click WAN TRUNK to go to the screen where you can...
User Guide
Page 240
...originally 1x EvolutionData Only), also referred to as 3GSM. Packetswitched HSDPA (High-Speed Downlink Packet Access) is an evolution of wireless technologies. The brand name for IS-95 is sometimes marketed as EVDO, EVDO, or just EV, is a mobile telephony... (3G) wireless standard defined in ITUA specification, is cdmaOne. GSM (Global System for GSM switched Evolution (EDGE), Enhanced GPRS (EGPRS), etc. To change your 3G WAN settings, click Configuration > Network > Interface > Cellular. See Chapter 51 on different subnets. 240 ZyWALL USG 20/20W User's Guide...
...originally 1x EvolutionData Only), also referred to as 3GSM. Packetswitched HSDPA (High-Speed Downlink Packet Access) is an evolution of wireless technologies. The brand name for IS-95 is sometimes marketed as EVDO, EVDO, or just EV, is a mobile telephony... (3G) wireless standard defined in ITUA specification, is cdmaOne. GSM (Global System for GSM switched Evolution (EDGE), Enhanced GPRS (EGPRS), etc. To change your 3G WAN settings, click Configuration > Network > Interface > Cellular. See Chapter 51 on different subnets. 240 ZyWALL USG 20/20W User's Guide...
User Guide
Page 248
... circle. The following figure provides an example of a Wireless Network 248 ZyWALL USG 20/20W User's Guide If you select Log or Log-alert you configure and enable budget control, the ZyWALL resets the statistics. The wireless network is exceeded. Figure 167 Example of a wireless network. Chapter 11 Interfaces Table 57 Configuration > Network > Interface > Cellular > Add (continued) LABEL DESCRIPTION Actions...
... circle. The following figure provides an example of a Wireless Network 248 ZyWALL USG 20/20W User's Guide If you select Log or Log-alert you configure and enable budget control, the ZyWALL resets the statistics. The wireless network is exceeded. Figure 167 Example of a wireless network. Chapter 11 Interfaces Table 57 Configuration > Network > Interface > Cellular > Add (continued) LABEL DESCRIPTION Actions...
User Guide
Page 249
... and can protect the information that is the name of the wireless network. See Appendix C on wireless LANs. Figure 168 Configuration > Network > Interface > WLAN ZyWALL USG 20/20W User's Guide 249 Click Configuration > Network > Interface > WLAN to send and receive information. • Every wireless client in a wireless network must use different channels. It stands for more details on page 803...
... and can protect the information that is the name of the wireless network. See Appendix C on wireless LANs. Figure 168 Configuration > Network > Interface > WLAN ZyWALL USG 20/20W User's Guide 249 Click Configuration > Network > Interface > WLAN to send and receive information. • Every wireless client in a wireless network must use different channels. It stands for more details on page 803...
User Guide
Page 250
... the percentage of output power that this WLAN card is to use this to associate with the ZyWALL. If there is the maximum data fragment size that you configure the wireless security settings before it transmits. Select b Only to allow both IEEE802.11b and IEEE802.11g compliant... area, decrease the output power of bytes) for the fragmentation boundary for directed messages. The transmission rate of your ZyWALL's output power. 250 ZyWALL USG 20/20W User's Guide When enabled, a wireless client sends an RTS (Request To Send) and then waits for more information on your...
... the percentage of output power that this WLAN card is to use this to associate with the ZyWALL. If there is the maximum data fragment size that you configure the wireless security settings before it transmits. Select b Only to allow both IEEE802.11b and IEEE802.11g compliant... area, decrease the output power of bytes) for the fragmentation boundary for directed messages. The transmission rate of your ZyWALL's output power. 250 ZyWALL USG 20/20W User's Guide When enabled, a wireless client sends an RTS (Request To Send) and then waits for more information on your...
User Guide
Page 251
...inactive. Select Long to open a screen where you can be because your wireless network is not associated with any interface. See Section 11.3.2 on the packet's IEEE 802.1q or DSCP header. ZyWALL USG 20/20W User's Guide 251 This icon is lit when the entry is active and ...grouping of several A-MSDUs (Aggregate MAC Service Data Units) into one large A-MPDU (Aggregate MAC Protocol Data Unit). Chapter 11 Interfaces Table 58 Configuration > Network > Interface > WLAN LABEL DESCRIPTION QoS Select the Quality of Service priority for an example. This field is a sequential value, and...
...inactive. Select Long to open a screen where you can be because your wireless network is not associated with any interface. See Section 11.3.2 on the packet's IEEE 802.1q or DSCP header. ZyWALL USG 20/20W User's Guide 251 This icon is lit when the entry is active and ...grouping of several A-MSDUs (Aggregate MAC Service Data Units) into one large A-MPDU (Aggregate MAC Protocol Data Unit). Chapter 11 Interfaces Table 58 Configuration > Network > Interface > WLAN LABEL DESCRIPTION QoS Select the Quality of Service priority for an example. This field is a sequential value, and...