User Guide
Page 3
E-mail techwriters@zyxel.com.tw if you cannot find specific information in the ZyWALL Web Configurator. • Read Chapter 4 on page 59 if you're using the installation wizard for first time setup and you want more detailed information ... the ZyWALL. • Read Chapter 3 on page 43 for detailed information on that feature. • It is highly recommended you use the Command-Line Interface (CLI) to the main components, icons and menus in this guide, use the Contents Overview, the Table of Contents, the Index, or search the PDF file. ZyWALL USG 20/20W User's Guide 3
E-mail techwriters@zyxel.com.tw if you cannot find specific information in the ZyWALL Web Configurator. • Read Chapter 4 on page 59 if you're using the installation wizard for first time setup and you want more detailed information ... the ZyWALL. • Read Chapter 3 on page 43 for detailed information on that feature. • It is highly recommended you use the Command-Line Interface (CLI) to the main components, icons and menus in this guide, use the Contents Overview, the Table of Contents, the Index, or search the PDF file. ZyWALL USG 20/20W User's Guide 3
User Guide
Page 4
... efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in configuring that screen and supplementary information. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. More help you. Thank you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation...
... efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in configuring that screen and supplementary information. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. More help you. Thank you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation...
User Guide
Page 5
... in operating systems, operating system versions, or if you should contact your device. Learn from the product due to solve it. ZyWALL USG 20/20W User's Guide 5 If you cannot contact your vendor, then contact a ZyXEL office for the region in which you took to differences in this book may differ slightly from others who use...
... in operating systems, operating system versions, or if you should contact your device. Learn from the product due to solve it. ZyWALL USG 20/20W User's Guide 5 If you cannot contact your vendor, then contact a ZyXEL office for the region in which you took to differences in this book may differ slightly from others who use...
User Guide
Page 6
...( > ) within a screen name denotes a mouse click. Syntax Conventions • The ZyWALL may be referred to as the "ZyWALL", the "device", the "system" or the "product" in this User's Guide. For example, "k" for kilo may denote "1000" or "1024", "M" for mega...the "scientific" value. For example, Maintenance > Log > Log Setting means you first click Maintenance in this User's Guide. • Product labels, screen names, field labels and field choices are shown in the navigation panel, ... you other important information (for example, other words". 6 ZyWALL USG 20/20W User's Guide
...( > ) within a screen name denotes a mouse click. Syntax Conventions • The ZyWALL may be referred to as the "ZyWALL", the "device", the "system" or the "product" in this User's Guide. For example, "k" for kilo may denote "1000" or "1024", "M" for mega...the "scientific" value. For example, Maintenance > Log > Log Setting means you first click Maintenance in this User's Guide. • Product labels, screen names, field labels and field choices are shown in the navigation panel, ... you other important information (for example, other words". 6 ZyWALL USG 20/20W User's Guide
User Guide
Page 7
The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 20/20W User's Guide 7 Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
The ZyWALL icon is not an exact representation of your device. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 20/20W User's Guide 7 Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
User Guide
Page 8
... BY AN INCORRECT TYPE. Dispose them . • Always disconnect all the connections are indoors. Used electrical and electronic equipment should not be treated separately. 8 ZyWALL USG 20/20W User's Guide This device meets ETSI and FCC certification requirements when using the included antenna(s). WEEE stands for your device. There is known as the WEEE mark...
... BY AN INCORRECT TYPE. Dispose them . • Always disconnect all the connections are indoors. Used electrical and electronic equipment should not be treated separately. 8 ZyWALL USG 20/20W User's Guide This device meets ETSI and FCC certification requirements when using the included antenna(s). WEEE stands for your device. There is known as the WEEE mark...
User Guide
Page 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...Binding ...359 Authentication Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...Binding ...359 Authentication Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
User Guide
Page 10
Contents Overview Schedules ...567 AAA Server ...573 Authentication Method ...583 Certificates ...589 ISP Accounts ...611 SSL Application ...615 Endpoint Security ...621 System ...629 Log and Report ...679 File Manager ...693 Diagnostics ...705 Packet Flow Explore ...715 Reboot ...723 Shutdown ...725 Troubleshooting ...727 Product Specifications ...741 10 ZyWALL USG 20/20W User's Guide
Contents Overview Schedules ...567 AAA Server ...573 Authentication Method ...583 Certificates ...589 ISP Accounts ...611 SSL Application ...615 Endpoint Security ...621 System ...629 Log and Report ...679 File Manager ...693 Diagnostics ...705 Packet Flow Explore ...715 Reboot ...723 Shutdown ...725 Troubleshooting ...727 Product Specifications ...741 10 ZyWALL USG 20/20W User's Guide
User Guide
Page 11
... Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User's Guide 11
... Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20/20W User's Guide 11
User Guide
Page 12
... 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide Finish 80 5.5.4 VPN Advanced Wizard - Scenario 81 5.5.5 VPN Advanced Wizard - Summary 85 5.5.8 VPN Advanced Wizard - Table of Contents Chapter 4 Installation Setup Wizard ...59 4.1 Installation Setup ...
... 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W User's Guide Finish 80 5.5.4 VPN Advanced Wizard - Scenario 81 5.5.5 VPN Advanced Wizard - Summary 85 5.5.8 VPN Advanced Wizard - Table of Contents Chapter 4 Installation Setup Wizard ...59 4.1 Installation Setup ...
User Guide
Page 13
... 6.5.14 IPSec VPN ...101 6.5.15 SSL VPN ...101 6.5.16 Bandwidth Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File Manager ...106 6.7.4 Diagnostics ...106 6.7.5 Shutdown ...106 Chapter... an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13
... 6.5.14 IPSec VPN ...101 6.5.15 SSL VPN ...101 6.5.16 Bandwidth Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104 6.7 System ...105 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM 105 6.7.2 Logs and Reports ...105 6.7.3 File Manager ...106 6.7.4 Diagnostics ...106 6.7.5 Shutdown ...106 Chapter... an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13
User Guide
Page 14
....1 Create the Public IP Address Range Object 145 7.12.2 Configure the Policy Route 146 7.13 How to Set Up a Wireless LAN 146 7.13.1 Set Up User Accounts 147 7.13.2 Create the WLAN Interface 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163... 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
....1 Create the Public IP Address Range Object 145 7.12.2 Configure the Policy Route 146 7.13 How to Set Up a Wireless LAN 146 7.13.1 Set Up User Accounts 147 7.13.2 Create the WLAN Interface 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163... 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/20W User's Guide
User Guide
Page 15
...Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in this Chapter 177 9.2 The Port... 183 9.5 The Session Monitor Screen 186 9.6 The DDNS Status Screen 189 9.7 IP/MAC Binding Monitor ...189 9.8 The Login Users Screen 190 9.9 WLAN Status Screen ...191 9.10 The following table describes the labels in this menu.Cellular Status Screen 192 9....You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
...Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in this Chapter 177 9.2 The Port... 183 9.5 The Session Monitor Screen 186 9.6 The DDNS Status Screen 189 9.7 IP/MAC Binding Monitor ...189 9.8 The Login Users Screen 190 9.9 WLAN Status Screen ...191 9.10 The following table describes the labels in this menu.Cellular Status Screen 192 9....You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
User Guide
Page 16
....2.1 Policy Route Edit Screen 303 13.3 IP Static Route Screen ...307 13.3.1 Static Route Add/Edit Screen 308 13.4 Policy Routing Technical Reference 309 16 ZyWALL USG 20/20W User's Guide
....2.1 Policy Route Edit Screen 303 13.3 IP Static Route Screen ...307 13.3.1 Static Route Add/Edit Screen 308 13.4 Policy Routing Technical Reference 309 16 ZyWALL USG 20/20W User's Guide
User Guide
Page 17
... 18.1 Overview ...347 18.1.1 What You Can Do in this Chapter 347 18.1.2 What You Need to Know 348 18.2 The HTTP Redirect Screen 349 ZyWALL USG 20/20W User's Guide 17
... 18.1 Overview ...347 18.1.1 What You Can Do in this Chapter 347 18.1.2 What You Need to Know 348 18.2 The HTTP Redirect Screen 349 ZyWALL USG 20/20W User's Guide 17
User Guide
Page 18
... 19.3 ALG Technical Reference 357 Chapter 20 IP/MAC Binding ...359 20.1 IP/MAC Binding Overview 359 20.1.1 What You Can Do in this Chapter 359 20.1.2 What You Need to Know 360 20.2 IP/MAC Binding Summary 360 20.2.1 IP/MAC Binding Edit 361 20.2.2 Static DHCP Edit ...362 20.3 IP/MAC Binding Exempt List 363 Chapter... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
... 19.3 ALG Technical Reference 357 Chapter 20 IP/MAC Binding ...359 20.1 IP/MAC Binding Overview 359 20.1.1 What You Can Do in this Chapter 359 20.1.2 What You Need to Know 360 20.2 IP/MAC Binding Summary 360 20.2.1 IP/MAC Binding Edit 361 20.2.2 Static DHCP Edit ...362 20.3 IP/MAC Binding Exempt List 363 Chapter... Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
User Guide
Page 19
...25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens ...Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide...
...25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens ...Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide...
User Guide
Page 20
Table of Contents 27.6 Uninstalling the ZyWALL SecuExtender 452 Chapter 28 Bandwidth Management...453 28.1 Overview ...453 28.1.1 What You Can Do in this Chapter 453 28.1.2 What You Need to Know ....5.1 Content Filter Blocked and Warning Messages 508 30.6 Content Filter Customization Screen 508 30.7 Content Filter Technical Reference 511 Chapter 31 Content Filter Reports ...513 20 ZyWALL USG 20/20W User's Guide
Table of Contents 27.6 Uninstalling the ZyWALL SecuExtender 452 Chapter 28 Bandwidth Management...453 28.1 Overview ...453 28.1.1 What You Can Do in this Chapter 453 28.1.2 What You Need to Know ....5.1 Content Filter Blocked and Warning Messages 508 30.6 Content Filter Customization Screen 508 30.7 Content Filter Technical Reference 511 Chapter 31 Content Filter Reports ...513 20 ZyWALL USG 20/20W User's Guide
User Guide
Page 21
... List Screen 531 32.6 The DNSBL Screen ...532 32.7 Anti-Spam Technical Reference 534 Chapter 33 User/Group ...539 33.1 Overview ...539 33.1.1 What You Can Do in this Chapter 539 33.1.2 What You Need ...545 33.3.1 Group Add/Edit Screen 546 33.4 Setting Screen ...547 33.4.1 Default User Authentication Timeout Settings Edit Screens 550 33.4.2 User Aware Login Example 552 33.5 User /Group Technical Reference 553 Chapter 34 Addresses...555 34.1 Overview ...555 34.1.1 What...Summary Screen 558 34.3.1 Address Group Add/Edit Screen 559 Chapter 35 Services ...561 ZyWALL USG 20/20W User's Guide 21
... List Screen 531 32.6 The DNSBL Screen ...532 32.7 Anti-Spam Technical Reference 534 Chapter 33 User/Group ...539 33.1 Overview ...539 33.1.1 What You Can Do in this Chapter 539 33.1.2 What You Need ...545 33.3.1 Group Add/Edit Screen 546 33.4 Setting Screen ...547 33.4.1 Default User Authentication Timeout Settings Edit Screens 550 33.4.2 User Aware Login Example 552 33.5 User /Group Technical Reference 553 Chapter 34 Addresses...555 34.1 Overview ...555 34.1.1 What...Summary Screen 558 34.3.1 Address Group Add/Edit Screen 559 Chapter 35 Services ...561 ZyWALL USG 20/20W User's Guide 21
User Guide
Page 22
... 584 38.2.1 Creating an Authentication Method Object 585 Chapter 39 Certificates ...589 39.1 Overview ...589 39.1.1 What You Can Do in this Chapter 589 22 ZyWALL USG 20/20W User's Guide
... 584 38.2.1 Creating an Authentication Method Object 585 Chapter 39 Certificates ...589 39.1 Overview ...589 39.1.1 What You Can Do in this Chapter 589 22 ZyWALL USG 20/20W User's Guide