User Guide
Page 14
... Up a Firewall Rule 138 7.11 How to Use an IPPBX on the DMZ 139 7.11.1 Turn On the ALG ...141 7.11.2 Create the Address Objects 141 7.11.3 Setup a NAT Policy for the IPPBX 142 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP 143 7.11.5 Set Up a DMZ to LAN... Create the WLAN Interface 147 7.13.3 Set Up the Wireless Clients to Use the WLAN Interface 150 Part II: Technical Reference 163 Chapter 8 Dashboard ...165 8.1 Overview ...165 8.1.1 What You Can Do in this Chapter 165 8.2 The Dashboard Screen ...165 8.2.1 The CPU Usage Screen 171 8.2.2 The Memory Usage Screen 172 14 ZyWALL USG 20/...
User Guide
Page 37
.... • One or more information about the features of the ZyWALL. 2.1 Features The ZyWALL's security features include VPN, firewall, content filtering, ADP (Anomaly Detection and Protection), and certificates. ZyWALL USG 20/20W User's Guide 37 You can create your own custom zones. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful...
User Guide
Page 49
...continued) FOLDER OR LINK TAB FUNCTION Interface Port Role Use this screen to all connections. Bridge Create and manage bridges and virtual bridge interfaces. Routing Policy Route Create and manage routing policies. OSPF Configure device-level OSPF settings, including areas and virtual links....interfaces) for load balancing and link High Availability (HA). ZyWALL USG 20/20W User's Guide 49 Zone Configure zones used to force user authentication. DDNS Profile Define and manage the ZyWALL's DDNS domain names. NAT Set up and manage HTTP redirection rules. SSL VPN Access...
User Guide
Page 88
... DMZ) A zone is an overview of interfaces and VPN tunnels) simplify security settings. Use interfaces in configuring other features. 88 ZyWALL USG 20/20W User's Guide For a list of common objects, see what objects are configured and which configuration settings reference specific objects. 6.2 ...Configuration > Objects screens to see Section 6.6 on page 53) to create objects before you use interfaces and zones in configuring VPN, zones, trunks, DDNS, policy routes, static routes, HTTP redirect, and NAT. Port roles combine physical ports into interfaces. Use the Object Reference...
User Guide
Page 92
... interfaces as well as any Ethernet interfaces that are set up policy routes for IPSec traffic. • Policy routes can create Many 1:1 NAT entries to translate a range of private network addresses to a range of the external interfaces to the default WAN trunk. Chapter 6 Configuration Basics Traffic in one 92 ZyWALL USG 20/20W User's Guide
User Guide
Page 93
... clients to the other checks, for more . If a private network server will initiate sessions to the outside clients, create a 1 to 1 NAT entry to have the ZyWALL check the policy routes first by enabling the policy route feature's Use Policy Route to Override Direct Route option (see... page 297 for example the firewall check. ZyWALL USG 20/20W User's Guide 93 Configure policy routes to 1 NAT rules. See Chapter 13 on to a range of the ZyWALL's interfaces. It maps a range of private network servers that the outside clients use to 1 NAT rules. A many 1 to access the server...
User Guide
Page 94
Chapter 6 Configuration Basics 4 Auto VPN Policy: The ZyWALL automatically creates these routing entries for how to select which trunk the ZyWALL uses as the packets match an entry in through an internal interface, if it through RIP and OSPF. See Chapter 13 on page ... IPSec rules up above the policy routes (see Section 23.2 on page 292 for the VPN rules. Figure 53 NAT Table Checking Flow 1 SNAT defined in the NAT table instead of requiring a separate policy route. 94 ZyWALL USG 20/20W User's Guide Disabling the IPSec VPN feature's Use Policy Route to bandwidth management.
User Guide
Page 95
... USED These are two uses for information about each screen. There are other features you should usually create a policy route for a policy route unless time is one of the criterion. ZyWALL USG 20/20W User's Guide 95 Each feature description is organized as the menu item(s) in this User's Guide...find the main screen(s) for this feature. Chapter 6 Configuration Basics 4 SNAT is also now performed by default and included in the NAT table. 6.5 Feature Configuration Overview This section provides information about configuring the main features in the list of prerequisites.
User Guide
Page 96
Note: When you create an interface, there is in the DMZ zone and uses a private IP address. Most of the ZyWALL), port triggering, 96 ZyWALL USG 20/20W User's Guide Chapter 6 Configuration Basics 6.5.2 Licensing Registration Use these screens to register your ZyWALL and subscribe to a zone. To configure dmz's settings, click ...the Interface > Port Grouping screen) WHERE USED Zones, trunks, IPSec VPN, DDNS, policy routes, static routes, HTTP redirect, NAT Example: The dmz interface is no security applied on page 88 for bandwidth management (out of the features that use policy ...
User Guide
Page 97
... general NAT on the source address. If you have multiple WAN connections. 9 Select the interface that you have multiple WAN connections, select the trunk. 10 Specify the amount of FTP traffic that would also match the FTP traffic. ZyWALL USG 20/20W...as the source address. 6 You don't need to set up the criteria, next-hops, and NAT settings first. Note: The ZyWALL checks the policy routes in the order that the traffic comes in through your custom policy route comes ... if you are listed. So make sure that your WAN connection. 1 Create an address object for your WAN connection.
User Guide
Page 98
...create a zone, the ZyWALL does not create any firewall rules, or configure remote management for background information. The ZyWALL only checks regular (through-ZyWALL) firewall rules for packets that are automatically assigned to make computers on page 88 for the new zone. MENU ITEM(S) Configuration > Network > NAT 98 ZyWALL USG 20.../20W User's Guide Each interface and VPN tunnel can be assigned to a dynamic IP address. The ZyWALL helps maintain this mapping. A zone is a group of interfaces and ...
User Guide
Page 101
...over the Internet or any insecure network that uses TCP/IP for communication. MENU ITEM(S) Configuration > VPN > IPSec VPN; ZyWALL USG 20/20W User's Guide 101 you have configured. • You don't need to specify the schedule or the user. •...authentication), addresses (local network, remote network, NAT), to-ZyWALL firewall, firewall WHERE USED Policy routes, zones Example: See Chapter 7 on page 107. Chapter 6 Configuration Basics 1 Create a VoIP service object for UDP port 5060 traffic (Configuration > Object > Service). 2 Create an address object for the VoIP server (...
User Guide
Page 137
... Address Object for the HTTP Server's Private IP Address 2 Create a host address object named Public_HTTP_Server_IP for the public WAN IP address 1.1.1.1. ZyWALL USG 20/20W User's Guide 137 So you set the Port Mapping Type to Port, the Protocol Type to TCP, and the original and mapped ports... object. • HTTP traffic and the HTTP server in this example both use TCP port 80. Figure 93 Creating the Address Object for the Public IP Address 7.10.2 Configure NAT You need a NAT rule to send HTTP traffic coming to IP address 1.1.1.1 on wan1 to the HTTP server's private IP address of...
User Guide
Page 138
... on page 343 for details). Chapter 7 Tutorials • Keep Enable NAT Loopback selected to allow the public to send HTTP traffic to IP address 1.1.1.1 in order to access the HTTP server. Figure 94 Creating the NAT Entry 7.10.3 Set Up a Firewall Rule The firewall blocks traffic from the WAN zone... to the DMZ zone by default so you need to create a firewall rule to allow users connected to other interfaces to access the web server. 138 ZyWALL USG 20/20W User's Guide
User Guide
Page 142
Figure 99 Creating the Public IP Address Object 7.11.3 Setup a NAT Policy for the IPPBX Click Configuration > Network > NAT > Add. • Configure a name for the rule (WAN-DMZ_IPPBX here). • You want the IPPBX to receive calls from the WAN and also be ...for the public WAN IP address 1.1.1.2. If a domain name is registered for IP address 1.1.1.2, users can use the IPPBX (see NAT Loopback on page 343 for details). 142 ZyWALL USG 20/20W User's Guide Chapter 7 Tutorials 2 Create a host address object named IPPBX-Public for making SIP calls. • Set the Mapped IP to the IPPBX's DMZ...
User Guide
Page 143
If a domain name is registered for IP address 1.1.1.2, users can use it to connect to for SIP The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow the public to send SIP traffic to DMZ Firewall Rule for making SIP calls. Figure 100 Configuration > Network > NAT > Add Chapter 7 Tutorials 7.11.4 Set Up a WAN to the IPPBX. ZyWALL USG 20/20W User's Guide 143 • Click OK.
User Guide
Page 144
...SIP clients on the LAN. 144 ZyWALL USG 20/20W User's Guide Figure 101 Configuration > Firewall > Add 7.11.5 Set Up a DMZ to LAN Firewall Rule for SIP The firewall blocks traffic from the DMZ zone to the LAN zone by default so you need to create a firewall rule to allow the... IPPBX to send SIP traffic to allow and click OK. Chapter 7 Tutorials 1 Click Configuration > Firewall > Add. Set the From field as WAN and the To field as DMZ. Set the Destination to traffic before applying the firewall rule. IPPBX_DMZ is the destination because the ZyWALL applies NAT...
User Guide
Page 306
...Triggering Otherwise, select a pre-defined address (group) to use as they are applied in order to apply bandwidth shaping. 306 ZyWALL USG 20/20W User's Guide Use Create new Object if you to allocate bandwidth to a route and prioritize traffic that matches this route. The ordering of the packets...Table 79 Configuration > Network > Routing > Policy Route > Edit (continued) LABEL DESCRIPTION Source Network Address Translation Select none to not use NAT for this interface. Select outgoing-interface to use the IP address of the outgoing interface as what you want to move an entry to...
User Guide
Page 337
... You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on a private network behind the ZyWALL available outside the private network. CHAPTER 17 NAT 17.1 NAT Overview NAT (Network Address Translation - You can make computers on the Internet. For example, the ...server IP address of a host in the private network available by using ports to forward packets to a different IP address known within another network. ZyWALL USG 20/20W User's Guide 337 Suppose you can also create new NAT rules and edit or delete existing ones.
User Guide
Page 338
... to the Web Configurator and click Configuration > Network > NAT. Table 94 Configuration > Network > NAT LABEL DESCRIPTION Add Click this screen, login to create a new entry. In addition, this screen. The following table describes the labels in this screen allows you can modify the entry's settings. 338 ZyWALL USG 20/20W User's Guide Figure 203 Configuration > Network...