User Guide
Page 9
Contents Overview Contents Overview User's Guide ...27 Introducing the ZyWALL ...29 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...107 ...359 Authentication Policy ...365 Firewall ...373 IPSec VPN ...391 SSL VPN ...427 SSL User Screens ...437 SSL User Application Screens 447 ZyWALL SecuExtender ...449 Bandwidth Management ...453 ADP ...467 Content Filtering ...487 Content Filter Reports ...513 Anti-Spam ...521 User/Group ...539 Addresses ...555 Services ...561 ZyWALL USG 20/20W User's Guide 9
User Guide
Page 11
...Management Overview ...33 1.5 Starting and Stopping the ZyWALL 34 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...39 2.2.2 SSL VPN Network Access 39 2.2.3 User-Aware Access Control... 41 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...46 3.3.2 Navigation Panel ...47 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 ZyWALL USG 20...
User Guide
Page 12
... 5.5.7 VPN Advanced Wizard - Finish 86 Chapter 6 Configuration Basics...87 6.1 Object-based Configuration 87 6.2 Zones, Interfaces, and Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 90 6.3 Terminology in the ZyWALL 91 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 12 ZyWALL USG 20/20W...
User Guide
Page 13
... DDNS ...98 6.5.9 NAT ...98 6.5.10 HTTP Redirect ...99 6.5.11 ALG ...100 6.5.12 Auth. Policy ...100 6.5.13 Firewall ...100 6.5.14 IPSec VPN ...101 6.5.15 SSL VPN ...101 6.5.16 Bandwidth Management 102 6.5.17 ADP ...102 6.5.18 Content Filter ...102 6.5.19 Anti-Spam ...103 6.6 Objects ...103 6.6.1 User/Group ...104... Bandwidth on Ethernet Interfaces 113 7.3.2 Configure the WAN Trunk 114 7.4 How to Set Up an IPSec VPN Tunnel 116 7.4.1 Set Up the VPN Gateway 117 7.4.2 Set Up the VPN Connection 118 7.4.3 Configure Security Policies for the VPN Tunnel 119 ZyWALL USG 20/20W User's Guide 13
User Guide
Page 15
Table of Contents 8.2.3 The Active Sessions Screen 173 8.2.4 The VPN Status Screen 174 8.2.5 The DHCP Table Screen 174 8.2.6 The Number of Login Users Screen 175 Chapter 9 Monitor...177 9.1 Overview ...177 9.1.1 What You Can Do in ... ...214 Chapter 11 Interfaces ...217 11.1 Interface Overview ...217 11.1.1 What You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
User Guide
Page 18
... 19.3 ALG Technical Reference 357 Chapter 20 IP/MAC Binding ...359 20.1 IP/MAC Binding Overview 359 20.1.1 What You Can Do in this Chapter 359 20.1.2 What You Need to Know 360 20.2 IP/MAC Binding Summary 360 20.2.1 IP/MAC Binding Edit 361 20.2.2 Static DHCP Edit ...362 20.3 IP/MAC Binding Exempt List 363 Chapter... 382 22.2.2 The Firewall Add/Edit Screen 385 22.3 The Session Limit Screen 386 22.3.1 The Session Limit Add/Edit Screen 388 Chapter 23 IPSec VPN...391 18 ZyWALL USG 20/20W User's Guide
User Guide
Page 19
... You Need to Know 437 25.2 Remote User Login ...438 25.3 The SSL VPN User Screens 443 25.4 Bookmarking the ZyWALL 444 25.5 Logging Out of the SSL VPN User Screens 444 Chapter 26 SSL User Application Screens 447 26.1 SSL User Application ...Screens Overview 447 26.2 The Application Screen 447 Chapter 27 ZyWALL SecuExtender...449 27.1 The ZyWALL SecuExtender Icon 449 27.2 Statistics ...450 27.3 View Log ...451 27.4 Suspend and Resume the Connection 451 27.5 Stop the Connection ...452 ZyWALL USG 20...
User Guide
Page 22
... You Can Do in this Chapter 583 38.1.2 Before You Begin 583 38.1.3 Example: Selecting a VPN Authentication Method 583 38.2 Authentication Method Objects 584 38.2.1 Creating an Authentication Method Object 585 Chapter 39 Certificates ...589 39.1 Overview ...589 39.1.1 What You Can Do in this Chapter 589 22 ZyWALL USG 20/20W User's Guide
User Guide
Page 29
... in an existing network with the reliability of the ZyWALL's features. The ZyWALL's security features include VPN, firewall, content filtering, ADP (Anomaly Detection and Protection), and certificates. See Chapter 2 on page 37 for a more detailed overview of dual WAN Gigabit Ethernet ports and load balancing. ZyWALL USG 20/20W User's Guide 29 The DeMilitarized Zone (DMZ...
User Guide
Page 37
..., set up one or more of the ZyWALL. 2.1 Features The ZyWALL's security features include VPN, firewall, content filtering, ADP (Anomaly Detection and Protection), and certificates. Flexible Security Zones Many security settings are made by zone, not by interface, port, or network. You can create your own custom zones. ZyWALL USG 20/20W User's Guide 37 The rest...
User Guide
Page 39
... with other companies, branch offices, telecommuters, and business travelers to provide secure access to your ZyWALL. See also Chapter 7 on page 107 for your network. You can configure the ZyWALL to provide SSL VPN network access to remote users. ZyWALL USG 20/20W User's Guide 39 Chapter 2 Features and Applications 2.2 Applications These are some example applications...
User Guide
Page 48
... information. DDNS Status Displays the status of the ZyWALL's wireless clients. Cellular Status Displays details about the ZyWALL's 3G connection status. Login Users Lists the users currently logged into the VPN SSL client portal. Service View the licensed service status and upgrade licensed services. 48 ZyWALL USG 20/20W User's Guide Table 6 Monitor Menu Screens Summary...
User Guide
Page 49
...devices connected to force user authentication. Policy Define rules to each supported interface. VPN Gateway Configure IKE tunnels. Global Setting Configure the ZyWALL's SSL VPN settings that apply to which the ZyWALL does not apply IP/MAC binding. VLAN Create and manage VLAN interfaces and... screen to define various policies. Zone Configure zones used to set the ZyWALL's flexible ports as LAN1 or DMZ. Auth. ZyWALL USG 20/20W User's Guide 49 SSL VPN Access Privilege Configure SSL VPN access rights for an installed 3G card. HTTP Redirect Set up and manage...
User Guide
Page 61
... the field as the IP Address Assignment in the order you can be up to resolve domain names for VPN, DDNS and the time server. Options are: ZyWALL USG 20/20W User's Guide 61 The ZyWALL uses these (in the previous screen. Figure 26 Internet Access: PPPoE Encapsulation 4.1.3.1 ISP Parameters • Type the PPPoE Service...
User Guide
Page 62
... to resolve domain names for VPN, DDNS and the time server. Enter a DNS server's IP address(es). Leave the field as the IP Address Assignment in seconds that elapses before you can be up to time out. This field can access it. 62 ZyWALL USG 20/20W User's Guide Your ZyWALL accepts MSCHAP-V2 only...
User Guide
Page 64
Chapter 4 Installation Setup Wizard • Select Nailed-Up if you do not want the connection to resolve domain names for VPN, DDNS and the time server. This field is optional and depends on the requirements of a computer before the router automatically disconnects from the PPTP server...) assigned to you by your ISP. • Type the IP Subnet Mask assigned to you do not want to configure DNS servers. 64 ZyWALL USG 20/20W User's Guide The ZyWALL uses these (in the previous screen. • First / Second DNS Server: These fields display if you must follow the "c:id" and "n:...
User Guide
Page 69
... 31 Quick Setup • WAN Interface Click this User's Guide for a secure connection to set up a WAN (Internet) connection. ZyWALL USG 20/20W User's Guide 69 CHAPTER 5 Quick Setup 5.1 Quick Setup Overview The Web Configurator's quick setup wizards help you use PPPoE or ...the feature-specific chapters in this link to open the first Quick Setup screen. See Section 5.4 on page 70. • VPN SETUP Use VPN SETUP to configure a VPN (Virtual Private Network) tunnel for background information. This wizard creates matching ISP account settings in the Web Configurator. In the ...
User Guide
Page 74
... DNS server (in order to the previous screen. The DNS server is read-only and only appears for VPN, DDNS and the time server. It displays the IP address of the PPTP server. 74 ZyWALL USG 20/20W User's Guide Chapter 5 Quick Setup Table 11 WAN and ISP Connection Settings (continued) LABEL DESCRIPTION First...
User Guide
Page 75
Figure 38 VPN Quick Setup Wizard ZyWALL USG 20/20W User's Guide 75 If you by your ISP. If the IP Address Assignment is static or dynamic (Auto). The VPN wizard creates corresponding VPN connection and VPN gateway settings and address objects that you configure to open the VPN Setup Wizard ... Setup Click VPN Setup in configuring more VPN connections or other features. This identifies the interface you can be idle before the router automatically disconnects from the PPPoE server. 0 means no timeout. Yes means the ZyWALL uses the idle timeout. Click Next. If No displays ...
User Guide
Page 76
... want to configure. Chapter 5 Quick Setup 5.4 VPN Setup Wizard: Wizard Type A VPN (Virtual Private Network) tunnel is a secure connection to another ZLD-based ZyWALL or other IPSec device. 76 ZyWALL USG 20/20W User's Guide Use this wizard to create a VPN connection with another ZLD-based ZyWALL using certificates. Figure 39 VPN Setup Wizard: Wizard Type Express: Use this...