User Guide
Page 3
...User's Guide Intended Audience This manual is intended for people who want to want to configure the ZyWALL. Read each chapter carefully for detailed information on that menu item. • To find the information you use the Web Configurator to use the Command-Line Interface (CLI) to configure the ZyWALL...Configurator. Note: It is recommended you require. ZyWALL USG 20/20W User's Guide 3 How To Use This Guide • Read Chapter 1 on page 107 for an overview of Contents, the Index, or search the PDF file. E-mail techwriters@zyxel.com.tw if you cannot find specific information ...
...User's Guide Intended Audience This manual is intended for people who want to want to configure the ZyWALL. Read each chapter carefully for detailed information on that menu item. • To find the information you use the Web Configurator to use the Command-Line Interface (CLI) to configure the ZyWALL...Configurator. Note: It is recommended you require. ZyWALL USG 20/20W User's Guide 3 How To Use This Guide • Read Chapter 1 on page 107 for an overview of Contents, the Index, or search the PDF file. E-mail techwriters@zyxel.com.tw if you cannot find specific information ...
User Guide
Page 5
... the problem and the steps you bought the device. About This User's Guide • Forum This contains discussions on ZyXEL products. Every effort has been made to ensure that the information in which you took to differences in this manual is accurate. ZyWALL USG 20/20W User's Guide 5 Learn from the product due to solve it. If...
... the problem and the steps you bought the device. About This User's Guide • Forum This contains discussions on ZyXEL products. Every effort has been made to ensure that the information in which you took to differences in this manual is accurate. ZyWALL USG 20/20W User's Guide 5 Learn from the product due to solve it. If...
User Guide
Page 19
...The VPN Connection Screen 394 23.2.1 The VPN Connection Add/Edit (IKE) Screen 396 23.2.2 The VPN Connection Add/Edit Manual Key Screen 403 23.3 The VPN Gateway Screen 406 23.3.1 The VPN Gateway Add/Edit Screen 407 23.4 IPSec VPN ...User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User...
...The VPN Connection Screen 394 23.2.1 The VPN Connection Add/Edit (IKE) Screen 396 23.2.2 The VPN Connection Add/Edit Manual Key Screen 403 23.3 The VPN Gateway Screen 406 23.3.1 The VPN Gateway Add/Edit Screen 407 23.4 IPSec VPN ...User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application Screens Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20/20W User...
User Guide
Page 35
... using the shutdown command writes all cached data to shut down and then manually turn off or remove the power. Disconnecting the power Power off occurs when you may temporarily lose access to the ZyWALL. ZyWALL USG 20/20W User's Guide 35 The ZyWALL does not stop the system processes or write cached data to local storage...
... using the shutdown command writes all cached data to shut down and then manually turn off or remove the power. Disconnecting the power Power off occurs when you may temporarily lose access to the ZyWALL. ZyWALL USG 20/20W User's Guide 35 The ZyWALL does not stop the system processes or write cached data to local storage...
User Guide
Page 184
...back to its last-saved settings. You can click the Refresh button to start and when to have to update it manually in the report. you can collect information from which to the right. Figure 138 Monitor > System Status > Traffic ...ZyWALL when to start and stop collecting information for these reports. You cannot schedule data collection; If the ZyWALL has already been collecting data, the collection period displays to collect information. Statistics Interface Select the interface from Ethernet, VLAN, bridge and PPPoE/PPTP interfaces. 184 ZyWALL USG 20/20W User...
...back to its last-saved settings. You can click the Refresh button to start and when to have to update it manually in the report. you can collect information from which to the right. Figure 138 Monitor > System Status > Traffic ...ZyWALL when to start and stop collecting information for these reports. You cannot schedule data collection; If the ZyWALL has already been collecting data, the collection period displays to collect information. Statistics Interface Select the interface from Ethernet, VLAN, bridge and PPPoE/PPTP interfaces. 184 ZyWALL USG 20/20W User...
User Guide
Page 196
...this screen, click Monitor > VPN Monitor > IPSec. Chapter 9 Monitor The following 196 ZyWALL USG 20/20W User's Guide Deactivated - the available disk space is less than the disk space full threshold (see Section 43.2 on the ZyWALL. Removing - no USB storage device is a basic description of the type of the ... USB storage device is disabled (turned off) on page 630 for some reason the ZyWALL cannot mount it . you can remove it . the connected USB storage device was manually unmounted by the ZyWALL. Click Use It to manage active IPSec SAs. This button is grayed out if ...
...this screen, click Monitor > VPN Monitor > IPSec. Chapter 9 Monitor The following 196 ZyWALL USG 20/20W User's Guide Deactivated - the available disk space is less than the disk space full threshold (see Section 43.2 on the ZyWALL. Removing - no USB storage device is a basic description of the type of the ... USB storage device is disabled (turned off) on page 630 for some reason the ZyWALL cannot mount it . you can remove it . the connected USB storage device was manually unmounted by the ZyWALL. Click Use It to manage active IPSec SAs. This button is grayed out if ...
User Guide
Page 197
... the information you want to find it . See Section 9.12.1 on page 198 for more details. This field displays N/A if the IPSec SA uses manual keys. ZyWALL USG 20/20W User's Guide 197 Total Connection This field displays the total number of entries. Use up to reverse the sort order. Search Click this IPSec SA...
... the information you want to find it . See Section 9.12.1 on page 198 for more details. This field displays N/A if the IPSec SA uses manual keys. ZyWALL USG 20/20W User's Guide 197 Total Connection This field displays the total number of entries. Use up to reverse the sort order. Search Click this IPSec SA...
User Guide
Page 198
...example, with "abc*123", any type) of characters in front of active SSL VPN connections. • Log out individual users and delete related session information. 198 ZyWALL USG 20/20W User's Guide Click Monitor > VPN Monitor > SSL to do not use a question mark or asterisk. 9.13 The SSL Connection...amount of a VPN connection or policy name has the ZyWALL check the beginning and end and ignore the middle. A VPN connection or policy name named "testacc" for example would match. This field displays N/A if the IPSec SA uses manual keys. Chapter 9 Monitor Table 38 Monitor > VPN Monitor...
...example, with "abc*123", any type) of characters in front of active SSL VPN connections. • Log out individual users and delete related session information. 198 ZyWALL USG 20/20W User's Guide Click Monitor > VPN Monitor > SSL to do not use a question mark or asterisk. 9.13 The SSL Connection...amount of a VPN connection or policy name has the ZyWALL check the beginning and end and ignore the middle. A VPN connection or policy name named "testacc" for example would match. This field displays N/A if the IPSec SA uses manual keys. Chapter 9 Monitor Table 38 Monitor > VPN Monitor...
User Guide
Page 203
... time to live (TTL) (1 to clear all web site addresses from the cache manually. URL This is the index number of minutes left before the blocked URLs. ZyWALL USG 20/20W User's Guide 203 This is a web site's address that the ZyWALL previously checked with the external content filtering database. Click this limit higher will speed...
... time to live (TTL) (1 to clear all web site addresses from the cache manually. URL This is the index number of minutes left before the blocked URLs. ZyWALL USG 20/20W User's Guide 203 This is a web site's address that the ZyWALL previously checked with the external content filtering database. Click this limit higher will speed...
User Guide
Page 227
... to belong. MAC Address This field is read -only. This option appears when Interface Properties is to a local network. The ZyWALL automatically adds this screen to change a related address object for this if you want to which this interface is External or General....and gateway manually. You can use alphanumeric characters, hyphens, and underscores, and it can be up to change the IP address of this IP address on the interface itself. This option appears when Interface Properties is for connecting to 11 characters long. ZyWALL USG 20/20W User's Guide...
... to belong. MAC Address This field is read -only. This option appears when Interface Properties is to a local network. The ZyWALL automatically adds this screen to change a related address object for this if you want to which this interface is External or General....and gateway manually. You can use alphanumeric characters, hyphens, and underscores, and it can be up to change the IP address of this IP address on the interface itself. This option appears when Interface Properties is for connecting to 11 characters long. ZyWALL USG 20/20W User's Guide...
User Guide
Page 230
...IP addresses and specific MAC addresses. Receive Version This field is effective when RIP is enabled. Choices are 1, 2, and 1 and 2. 230 ZyWALL USG 20/20W User's Guide Remove Select an entry and click this to request the information again. RIP Setting See Section 14.2 on another device's MAC address. Direction...interface. This stops anyone else from the drop-down list box. Use this entry's MAC address. Select the RIP direction from manually using the interface's IP Pool Start Address and Pool Size. BiDir - This interface receives routing information. Out-Only -
...IP addresses and specific MAC addresses. Receive Version This field is effective when RIP is enabled. Choices are 1, 2, and 1 and 2. 230 ZyWALL USG 20/20W User's Guide Remove Select an entry and click this to request the information again. RIP Setting See Section 14.2 on another device's MAC address. Direction...interface. This stops anyone else from the drop-down list box. Use this entry's MAC address. Select the RIP direction from manually using the interface's IP Pool Start Address and Pool Size. BiDir - This interface receives routing information. Out-Only -
User Guide
Page 231
...field is effective when RIP is MD5. Select None to 16 characters long. use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of alphanumeric characters and the underscore, and it can consist of another device or ...using a plain-text password Text Authentication Key MD5 Authentication ID MD5 Authentication Key MAC Address Setting MD5 - otherwise, the ZyWALL uses multicasting. Type the password for MD5 authentication. The ID can not be between 1 and 65,535) to identify itself. ZyWALL USG 20/20W User's Guide 231
...field is effective when RIP is MD5. Select None to 16 characters long. use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of alphanumeric characters and the underscore, and it can consist of another device or ...using a plain-text password Text Authentication Key MD5 Authentication ID MD5 Authentication Key MAC Address Setting MD5 - otherwise, the ZyWALL uses multicasting. Type the password for MD5 authentication. The ID can not be between 1 and 65,535) to identify itself. ZyWALL USG 20/20W User's Guide 231
User Guide
Page 234
...User Configuration PPP interfaces. See Section 11.3.2 on page 232 for a Dial-on an entry, select it before doing so. Add Click this screen, click Configuration > Network > Interface > PPP. Connect To connect an interface, select it is described in testing the interface orto manually... where you want to create a new user-configured PPP interface. Table 53 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 234 ZyWALL USG 20/20W User's Guide Inactivate To turn on -Demand PPPoE...
...User Configuration PPP interfaces. See Section 11.3.2 on page 232 for a Dial-on an entry, select it before doing so. Add Click this screen, click Configuration > Network > Interface > PPP. Connect To connect an interface, select it is described in testing the interface orto manually... where you want to create a new user-configured PPP interface. Table 53 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 234 ZyWALL USG 20/20W User's Guide Inactivate To turn on -Demand PPPoE...
User Guide
Page 237
...server configures the IP address automatically. The dropdown box lists ISP accounts by name. Click Hide Advanced Settings to specify the IP address manually. In this PPPoE/PPTP interface uses. It is built. Protocol This field is read -only. Use Fixed IP Address Select this interface...the ZyWALL establish the PPPoE/PPTP connection only when there is blank if the ISP account uses PPTP. Use Create new Object if you want to display fewer settings. It displays the PPPoE service name specified in the following table. This field is traffic. ZyWALL USG 20/20W User's ...
...server configures the IP address automatically. The dropdown box lists ISP accounts by name. Click Hide Advanced Settings to specify the IP address manually. In this PPPoE/PPTP interface uses. It is built. Protocol This field is read -only. Use Fixed IP Address Select this interface...the ZyWALL establish the PPPoE/PPTP connection only when there is blank if the ISP account uses PPTP. Use Create new Object if you want to display fewer settings. It displays the PPPoE service name specified in the following table. This field is traffic. ZyWALL USG 20/20W User's ...
User Guide
Page 239
... the same channel and bandwidth is a digital, packet-switched wireless technology. Click OK to save your changes back to the ZyWALL. ZyWALL USG 20/20W User's Guide 239 Click Cancel to exit this interface. Note: The actual data rate you obtain varies depending on page 241). • You... signal strength to the service provider's base station, and so on. • (refer to Section 11.5.1 on the 3G card you can manually configure a policy route to associate traffic with this screen without saving. 11.5 Cellular Configuration Screen (3G) 3G (Third Generation) is only allocated to...
... the same channel and bandwidth is a digital, packet-switched wireless technology. Click OK to save your changes back to the ZyWALL. ZyWALL USG 20/20W User's Guide 239 Click Cancel to exit this interface. Note: The actual data rate you obtain varies depending on page 241). • You... signal strength to the service provider's base station, and so on. • (refer to Section 11.5.1 on the 3G card you can manually configure a policy route to associate traffic with this screen without saving. 11.5 Cellular Configuration Screen (3G) 3G (Third Generation) is only allocated to...
User Guide
Page 241
...describes the labels in this in testing the interface or to create a new cellular interface. This field displays the name of the interface. ZyWALL USG 20/20W User's Guide 241 To disconnect an interface, select it and click Edit to open a screen where you want to remove it and click Connect...is a sequential value, and it and click Remove. This field displays the profile of ISP settings that shows which settings use this to manually establish the connection. Click Apply to save your changes back to its last-saved settings. 11.5.1 Cellular Add/Edit Screen To change your ...
...describes the labels in this in testing the interface or to create a new cellular interface. This field displays the name of the interface. ZyWALL USG 20/20W User's Guide 241 To disconnect an interface, select it and click Edit to open a screen where you want to remove it and click Connect...is a sequential value, and it and click Remove. This field displays the profile of ISP settings that shows which settings use this to manually establish the connection. Click Apply to save your changes back to its last-saved settings. 11.5.1 Cellular Add/Edit Screen To change your ...
User Guide
Page 243
...configuring for use alphanumeric and characters, and it displays none. Select the zone to manually input the APN (Access Point Name) provided by your service provider. Select this to have the ZyWALL to configure your service provider. Clear this if the connection should always be able... the security settings the ZyWALL uses for the interface. Then select the profile (use one in this interface. Connections with a GSM or HSDPA 3G card. Select Device to use Profile 1 unless your 3G card if you to turn on this screen. ZyWALL USG 20/20W User's Guide 243 Select a...
...configuring for use alphanumeric and characters, and it displays none. Select the zone to manually input the APN (Access Point Name) provided by your service provider. Select this to have the ZyWALL to configure your service provider. Clear this if the connection should always be able... the security settings the ZyWALL uses for the interface. Then select the profile (use one in this interface. Connections with a GSM or HSDPA 3G card. Select Device to use Profile 1 unless your 3G card if you to turn on this screen. ZyWALL USG 20/20W User's Guide 243 Select a...
User Guide
Page 246
...was configured first. If you only have one that allows you want to select this so the ZyWALL does not spend time looking for the user account of card. Select Home to have the ZyWALL automatically detect the type of the installed 3G card. You can set a monthly limit for a...home network is down or another 3G base station's signal is exceeded during the month. 246 ZyWALL USG 20/20W User's Guide Metric Enter the priority of a different network. Select the type of network to manually specify the type of 3G service for your 3G connection. Home network is recommended if you...
...was configured first. If you only have one that allows you want to select this so the ZyWALL does not spend time looking for the user account of card. Select Home to have the ZyWALL automatically detect the type of the installed 3G card. You can set a monthly limit for a...home network is down or another 3G base station's signal is exceeded during the month. 246 ZyWALL USG 20/20W User's Guide Metric Enter the priority of a different network. Select the type of network to manually specify the type of 3G service for your 3G connection. Home network is recommended if you...
User Guide
Page 261
...method object that you select Authentication Method. See Chapter 38 on page 583 for only the server-side authentications to Auth Server. ZyWALL USG 20/20W User's Guide 261 Chapter 11 Interfaces Figure 172 Configuration > Network > Interface > WLAN > Add (WPA/WPA2 Security) The following... Select Auth Method to be able to create authentication method objects. The ZyWALL's default configuration also includes an authentication method object named "default" that uses certificates for how to manually specify a RADIUS server's settings in this screen instead of the external ...
...method object that you select Authentication Method. See Chapter 38 on page 583 for only the server-side authentications to Auth Server. ZyWALL USG 20/20W User's Guide 261 Chapter 11 Interfaces Figure 172 Configuration > Network > Interface > WLAN > Add (WPA/WPA2 Security) The following... Select Auth Method to be able to create authentication method objects. The ZyWALL's default configuration also includes an authentication method object named "default" that uses certificates for how to manually specify a RADIUS server's settings in this screen instead of the external ...
User Guide
Page 269
... to specify the IP address, subnet mask, and gateway manually. In this interface in the following table. Gateway Enter the subnet mask of configuration fields. The ZyWALL sends packets to the gateway when it can configure on the ZyWALL. You can use a number from 0~4094. Select the... it does not know how to route the packet to 60 characters long. This field is enabled if you select Use Fixed IP Address. ZyWALL USG 20/20W User's Guide 269 Clear this to turn this interface. Select this to disable this interface on . Table 66 Configuration > Network > Interface > ...
... to specify the IP address, subnet mask, and gateway manually. In this interface in the following table. Gateway Enter the subnet mask of configuration fields. The ZyWALL sends packets to the gateway when it can configure on the ZyWALL. You can use a number from 0~4094. Select the... it does not know how to route the packet to 60 characters long. This field is enabled if you select Use Fixed IP Address. ZyWALL USG 20/20W User's Guide 269 Clear this to turn this interface. Select this to disable this interface on . Table 66 Configuration > Network > Interface > ...