User Guide
Page 3
...ZyWALL USG 20/20W User's Guide 3 Note: It is designed to show you how to make the ZyWALL hardware connections and access the Web Configurator wizards. (See the wizard real time help provides. • It is highly recommended you read Chapter 7 on page 107 for ZyWALL... Audience This manual is highly recommended you read Chapter 6 on page 87 for detailed information on essential terms used in the ZyWALL, what prerequisites... Index, or search the PDF file. E-mail techwriters@zyxel.com.tw if you want to configure the ZyWALL. Read each screen.) It also contains a connection diagram...
...ZyWALL USG 20/20W User's Guide 3 Note: It is designed to show you how to make the ZyWALL hardware connections and access the Web Configurator wizards. (See the wizard real time help provides. • It is highly recommended you read Chapter 7 on page 107 for ZyWALL... Audience This manual is highly recommended you read Chapter 6 on page 87 for detailed information on essential terms used in the ZyWALL, what prerequisites... Index, or search the PDF file. E-mail techwriters@zyxel.com.tw if you want to configure the ZyWALL. Read each screen.) It also contains a connection diagram...
User Guide
Page 5
...then contact a ZyXEL office for the region in which you took to solve it. Every effort has been made to differences in this manual is accurate. If you cannot contact your device. • Brief description of the problem and the steps you bought the device. ZyWALL USG 20/20W User's Guide... 5 See http://www.zyxel.com/web/contact_us.php for your device. About This...
...then contact a ZyXEL office for the region in which you took to solve it. Every effort has been made to differences in this manual is accurate. If you cannot contact your device. • Brief description of the problem and the steps you bought the device. ZyWALL USG 20/20W User's Guide... 5 See http://www.zyxel.com/web/contact_us.php for your device. About This...
User Guide
Page 19
... 394 23.2 The VPN Connection Screen 394 23.2.1 The VPN Connection Add/Edit (IKE) Screen 396 23.2.2 The VPN Connection Add/Edit Manual Key Screen 403 23.3 The VPN Gateway Screen 406 23.3.1 The VPN Gateway Add/Edit Screen 407 23.4 IPSec VPN Background Information 415 ...Screens 447 26.1 SSL User Application Screens Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide 19
... 394 23.2 The VPN Connection Screen 394 23.2.1 The VPN Connection Add/Edit (IKE) Screen 396 23.2.2 The VPN Connection Add/Edit Manual Key Screen 403 23.3 The VPN Gateway Screen 406 23.3.1 The VPN Gateway Add/Edit Screen 407 23.4 IPSec VPN Background Information 415 ...Screens 447 26.1 SSL User Application Screens Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User's Guide 19
User Guide
Page 35
... using the shutdown command writes all cached data to the ZyWALL. The ZyWALL does not stop the system processes or write cached data to network resources. The ZyWALL simply turns off or remove the power. Wait for the device to shut down and then manually turn off occurs when you may temporarily lose access... processes when you apply configuration files or run shell scripts although you turn off the power to the local storage and stops the system processes. ZyWALL USG 20/20W User's Guide 35
... using the shutdown command writes all cached data to the ZyWALL. The ZyWALL does not stop the system processes or write cached data to network resources. The ZyWALL simply turns off or remove the power. Wait for the device to shut down and then manually turn off occurs when you may temporarily lose access... processes when you apply configuration files or run shell scripts although you turn off the power to the local storage and stops the system processes. ZyWALL USG 20/20W User's Guide 35
User Guide
Page 184
...Interface Select the interface from Ethernet, VLAN, bridge and PPPoE/PPTP interfaces. 184 ZyWALL USG 20/20W User's Guide Click Reset to return the screen to the right. You can click the Refresh button to update it manually in the report. you can collect information from which to collect information. The following... screen. The progress is a limit on page 186 for these reports. Chapter 9 Monitor You use the Traffic Statistics screen to tell the ZyWALL when to start and stop collecting information for more information. Click Apply to save your changes back to the...
...Interface Select the interface from Ethernet, VLAN, bridge and PPPoE/PPTP interfaces. 184 ZyWALL USG 20/20W User's Guide Click Reset to return the screen to the right. You can click the Refresh button to update it manually in the report. you can collect information from which to collect information. The following... screen. The progress is a limit on page 186 for these reports. Chapter 9 Monitor You use the Traffic Statistics screen to tell the ZyWALL when to start and stop collecting information for more information. Click Apply to save your changes back to the...
User Guide
Page 196
...turned off) on page 630 for some reason the ZyWALL cannot mount it . Ready - Deactivated - Chapter 9 Monitor The following 196 ZyWALL USG 20/20W User's Guide the connected USB storage device was manually unmounted by the ZyWALL, such as NTFS. the USB device is not ...supported by using the USB storage device so you can have the ZyWALL mount a connected USB storage device...
...turned off) on page 630 for some reason the ZyWALL cannot mount it . Ready - Deactivated - Chapter 9 Monitor The following 196 ZyWALL USG 20/20W User's Guide the connected USB storage device was manually unmounted by the ZyWALL, such as NTFS. the USB device is not ...supported by using the USB storage device so you can have the ZyWALL mount a connected USB storage device...
User Guide
Page 197
... click Search to 30 alphanumeric and characters. Policy This field displays the content of associated IPSec SAs. ZyWALL USG 20/20W User's Guide 197 Chapter 9 Monitor screen appears. This field displays N/A if the IPSec SA uses manual keys. Figure 147 Monitor > VPN Monitor > IPSec Each field is encapsulated. Page x of the IPSec SA. connection...
... click Search to 30 alphanumeric and characters. Policy This field displays the content of associated IPSec SAs. ZyWALL USG 20/20W User's Guide 197 Chapter 9 Monitor screen appears. This field displays N/A if the IPSec SA uses manual keys. Figure 147 Monitor > VPN Monitor > IPSec Each field is encapsulated. Page x of the IPSec SA. connection...
User Guide
Page 198
...of traffic that ends with "abc" and ending in "123" matches, no matter how many seconds remain in the SA life time, before the ZyWALL automatically disconnects the IPSec SA. Click Refresh to display the user list. A * in the VPN connection or policy name vary. Click Monitor >... and delete related session information. 198 ZyWALL USG 20/20W User's Guide A VPN connection or policy name named "testacc" for example would match. Wildcards (*) let multiple VPN connection or policy names match the pattern. This field displays N/A if the IPSec SA uses manual keys. For example, use "a?c" (...
...of traffic that ends with "abc" and ending in "123" matches, no matter how many seconds remain in the SA life time, before the ZyWALL automatically disconnects the IPSec SA. Click Refresh to display the user list. A * in the VPN connection or policy name vary. Click Monitor >... and delete related session information. 198 ZyWALL USG 20/20W User's Guide A VPN connection or policy name named "testacc" for example would match. Wildcards (*) let multiple VPN connection or policy names match the pattern. This field displays N/A if the IPSec SA uses manual keys. For example, use "a?c" (...
User Guide
Page 203
...URL cache before the blocked URLs. Setting this screen. URL This is discarded (minutes) from the cache manually. ZyWALL USG 20/20W User's Guide 203 This sets how long the ZyWALL is the number of a categorized web site address record. Click Reset to return the screen to the...access requests but will speed up to display the blocked URLs before the URL entry is a web site's address that the ZyWALL previously checked with the external content filtering database. Apply Reset The external content filtering database frequently adds previously uncategorized web sites and...
...URL cache before the blocked URLs. Setting this screen. URL This is discarded (minutes) from the cache manually. ZyWALL USG 20/20W User's Guide 203 This sets how long the ZyWALL is the number of a categorized web site address record. Click Reset to return the screen to the...access requests but will speed up to display the blocked URLs before the URL entry is a web site's address that the ZyWALL previously checked with the external content filtering database. Apply Reset The external content filtering database frequently adds previously uncategorized web sites and...
User Guide
Page 227
... appears when Interface Properties is read -only. The gateway should be up to specify the IP address, subnet mask, and gateway manually. The ZyWALL automatically adds default SNAT settings for the network connected to an external interface. For General, the rest of the IP address is assigned... interface to an external network (like the Internet). ZyWALL USG 20/20W User's Guide 227 IP Address Assignment Get Automatically These IP address fields configure an IP address on page 715. You can be on the interface, you must manually configure a policy route to add routing and SNAT ...
... appears when Interface Properties is read -only. The gateway should be up to specify the IP address, subnet mask, and gateway manually. The ZyWALL automatically adds default SNAT settings for the network connected to an external interface. For General, the rest of the IP address is assigned... interface to an external network (like the Internet). ZyWALL USG 20/20W User's Guide 227 IP Address Assignment Get Automatically These IP address fields configure an IP address on page 715. You can be on the interface, you must manually configure a policy route to add routing and SNAT ...
User Guide
Page 230
...using . MAC Address Enter the MAC address to which to assign this to enter how long IP addresses are 1, 2, and 1 and 2. 230 ZyWALL USG 20/20W User's Guide BiDir - Select the RIP version(s) used for more information about RIP. Choices are 1, 2, and 1 and 2. Direction This ... are currently using the interface's IP Pool Start Address and Pool Size. select this to create a new entry. Select the RIP direction from manually using a bound IP address on another device's MAC address. This interface receives routing information. Choices are : infinite - days, hours, and...
...using . MAC Address Enter the MAC address to which to assign this to enter how long IP addresses are 1, 2, and 1 and 2. 230 ZyWALL USG 20/20W User's Guide BiDir - Select the RIP version(s) used for more information about RIP. Choices are 1, 2, and 1 and 2. Direction This ... are currently using the interface's IP Pool Start Address and Pool Size. select this to create a new entry. Select the RIP direction from manually using a bound IP address on another device's MAC address. This interface receives routing information. Choices are : infinite - days, hours, and...
User Guide
Page 231
...up to have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of this to identify itself. ZyWALL USG 20/20W User's Guide 231 Select this interface only receives routing information. This section ...use the factory assigned default MAC address. Choices are: Same-as-Area - Use Default MAC Address Select this interface. otherwise, the ZyWALL uses multicasting. Passive Interface Select this interface when the area is Text. Chapter 11 Interfaces Table 51 Configuration > Network > Interface > ...
...up to have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of this to identify itself. ZyWALL USG 20/20W User's Guide 231 Select this interface only receives routing information. This section ...use the factory assigned default MAC address. Choices are: Same-as-Area - Use Default MAC Address Select this interface. otherwise, the ZyWALL uses multicasting. Passive Interface Select this interface when the area is Text. Chapter 11 Interfaces Table 51 Configuration > Network > Interface > ...
User Guide
Page 234
... with the (non-removable) System Default PPP interfaces pre-configured. The ZyWALL confirms you can create (and delete) User Configuration PPP interfaces. You might use this in testing the interface orto manually establish the connection for a Dial-on page 232 for an example....in the table below. Table 53 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 234 ZyWALL USG 20/20W User's Guide You can modify the entry's settings. Remove To remove a user-configured PPP interface, select it ...
... with the (non-removable) System Default PPP interfaces pre-configured. The ZyWALL confirms you can create (and delete) User Configuration PPP interfaces. You might use this in testing the interface orto manually establish the connection for a Dial-on page 232 for an example....in the table below. Table 53 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 234 ZyWALL USG 20/20W User's Guide You can modify the entry's settings. Remove To remove a user-configured PPP interface, select it ...
User Guide
Page 237
... a DHCP client. Click Show Advanced Settings to specify the IP address manually. Use Fixed IP Address Select this option if there is little traffic through the interface or it can be up all the time. ZyWALL USG 20/20W User's Guide 237 Interface Properties Interface Name Specify a name for ...details). User Name This field is blank if the ISP account uses PPTP. It can use this if you need to have the ZyWALL establish the PPPoE/PPTP connection only...
... a DHCP client. Click Show Advanced Settings to specify the IP address manually. Use Fixed IP Address Select this option if there is little traffic through the interface or it can be up all the time. ZyWALL USG 20/20W User's Guide 237 Interface Properties Interface Name Specify a name for ...details). User Name This field is blank if the ISP account uses PPTP. It can use this if you need to have the ZyWALL establish the PPPoE/PPTP connection only...
User Guide
Page 239
ZyWALL USG 20/20W User's Guide 239 Note: The actual data rate you obtain varies ... Related Setting Configure WAN TRUNK Policy Route OK Cancel Click WAN TRUNK to go to the screen where you can manually configure a policy route to mobile devices. Bandwidth usage is optimized as part of voice and non-voice data and....5 Cellular Configuration Screen (3G) 3G (Third Generation) is a digital, packet-switched wireless technology. Click Cancel to the ZyWALL. Click Policy Route to go to a screen where you can configure the interface as multiple users share the same channel...
ZyWALL USG 20/20W User's Guide 239 Note: The actual data rate you obtain varies ... Related Setting Configure WAN TRUNK Policy Route OK Cancel Click WAN TRUNK to go to the screen where you can manually configure a policy route to mobile devices. Bandwidth usage is optimized as part of voice and non-voice data and....5 Cellular Configuration Screen (3G) 3G (Third Generation) is a digital, packet-switched wireless technology. Click Cancel to the ZyWALL. Click Policy Route to go to a screen where you can configure the interface as multiple users share the same channel...
User Guide
Page 241
...field displays where the entry's cellular card is inactive. This field displays the profile of ISP settings that you want to manually establish the connection. ZyWALL USG 20/20W User's Guide 241 Figure 165 Configuration > Network > Interface > Cellular Chapter 11 Interfaces The following screen displays. To...click Connect. To remove an entry, select it and click Activate. You might use . Select an entry and click Object References to the ZyWALL. Click Apply to save your 3G settings, click Configuration > Network > Interface > Cellular > Add (or Edit). To turn on page ...
...field displays where the entry's cellular card is inactive. This field displays the profile of ISP settings that you want to manually establish the connection. ZyWALL USG 20/20W User's Guide 241 Figure 165 Configuration > Network > Interface > Cellular Chapter 11 Interfaces The following screen displays. To...click Connect. To remove an entry, select it and click Activate. You might use . Select an entry and click Object References to the ZyWALL. Click Apply to save your 3G settings, click Configuration > Network > Interface > Cellular > Add (or Edit). To turn on page ...
User Guide
Page 243
... you selected Device in the profile selection. Select Custom in the profile selection to be up to 60 characters long. You can be up . ZyWALL USG 20/20W User's Guide 243 Table 57 Configuration > Network > Interface > Cellular > Add LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings General Settings...to use with a 3G card. Spaces are configuring for use one in the ZyWALL. Chapter 11 Interfaces The following table describes the labels in this if the connection should always be able to manually input the APN (Access Point Name) provided by your 3G card if you ...
... you selected Device in the profile selection. Select Custom in the profile selection to be up to 60 characters long. You can be up . ZyWALL USG 20/20W User's Guide 243 Table 57 Configuration > Network > Interface > Cellular > Add LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings General Settings...to use with a 3G card. Spaces are configuring for use one in the ZyWALL. Chapter 11 Interfaces The following table describes the labels in this if the connection should always be able to manually input the APN (Access Point Name) provided by your 3G card if you ...
User Guide
Page 246
...not know what to select, check with this priority. Select GPRS / EDGE (GSM) only to which you are originally subscribed. You may want to manually specify the type of network to use a 2.5G or 2.75G network (respectively). Select Auto (Default) to allow the 3G device to connect to ...charged differently for the user account of network to the home network. Home network is exceeded during the month. 246 ZyWALL USG 20/20W User's Guide Select this so the ZyWALL does not spend time looking for your region. Select Home to have this interface only use based on this entry...
...not know what to select, check with this priority. Select GPRS / EDGE (GSM) only to which you are originally subscribed. You may want to manually specify the type of network to use a 2.5G or 2.75G network (respectively). Select Auto (Default) to allow the 3G device to connect to ...charged differently for the user account of network to the home network. Home network is exceeded during the month. 246 ZyWALL USG 20/20W User's Guide Select this so the ZyWALL does not spend time looking for your region. Select Home to have this interface only use based on this entry...
User Guide
Page 261
...extension of the EAP-TLS authentication that you can configure the "default" authentication method object, but it's default configuration uses the ZyWALL's local database for only the server-side authentications to Auth Method. Chapter 11 Interfaces Figure 172 Configuration > Network > Interface ...displays if you set the Authentication Type field to manually specify a RADIUS server's settings in dotted decimal notation. Select the certificate the ZyWALL uses to authenticate itself to create authentication method objects. ZyWALL USG 20/20W User's Guide 261 Select Auth Server to be...
...extension of the EAP-TLS authentication that you can configure the "default" authentication method object, but it's default configuration uses the ZyWALL's local database for only the server-side authentications to Auth Method. Chapter 11 Interfaces Figure 172 Configuration > Network > Interface ...displays if you set the Authentication Type field to manually specify a RADIUS server's settings in dotted decimal notation. Select the certificate the ZyWALL uses to authenticate itself to create authentication method objects. ZyWALL USG 20/20W User's Guide 261 Select Auth Server to be...
User Guide
Page 269
...the following table. Gateway Enter the subnet mask of the IP address is enabled if you are reserved.) Enter a description of configuration fields. ZyWALL USG 20/20W User's Guide 269 Clear this to disable this case, the DHCP server configures the IP address, subnet mask, and gateway automatically. ...VLAN ID. It is a DHCP client. This field is enabled if you want to specify the IP address, subnet mask, and gateway manually. You can configure on which the VLAN interface belongs. The subnet mask indicates what part of this interface. Enter the IP address of the...
...the following table. Gateway Enter the subnet mask of the IP address is enabled if you are reserved.) Enter a description of configuration fields. ZyWALL USG 20/20W User's Guide 269 Clear this to disable this case, the DHCP server configures the IP address, subnet mask, and gateway automatically. ...VLAN ID. It is a DHCP client. This field is enabled if you want to specify the IP address, subnet mask, and gateway manually. You can configure on which the VLAN interface belongs. The subnet mask indicates what part of this interface. Enter the IP address of the...