User Guide
Page 15
... IPSec Monitor Screen 196 9.12.1 Regular Expressions in Searching IPSec SAs 198 9.13 The SSL Connection Monitor Screen 198 9.14 The Content Filter Statistics Screen 200 9.15 Content Filter Cache Screen 202 9.16 The Anti-Spam Statistics Screen 204 9.17 The Anti-Spam Status Screen 206 9.18 Log Screen ...207 Chapter... ...214 Chapter 11 Interfaces ...217 11.1 Interface Overview ...217 11.1.1 What You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
... IPSec Monitor Screen 196 9.12.1 Regular Expressions in Searching IPSec SAs 198 9.13 The SSL Connection Monitor Screen 198 9.14 The Content Filter Statistics Screen 200 9.15 Content Filter Cache Screen 202 9.16 The Anti-Spam Statistics Screen 204 9.17 The Anti-Spam Status Screen 206 9.18 Log Screen ...207 Chapter... ...214 Chapter 11 Interfaces ...217 11.1 Interface Overview ...217 11.1.1 What You Can Do in this Chapter 217 11.1.2 What You Need to Know 218 ZyWALL USG 20/20W User's Guide 15
User Guide
Page 102
... New Policy. MENU ITEM(S) Configuration > BWM PREREQUISITES Zones Examples: Suppose you want to give a user named Bob FTP access but with a limited download speed of 200 kbps from LAN (FTP client) to WAN (FTP server). 1 Create user account for Bill if you created for Bob. 3 Select from LAN zone to WAN... traffic and protocol anomalies. You can access what content and at what times. You must have not done so already (Configuration > Object > User/Group). 102 ZyWALL USG 20/20W User's Guide
... New Policy. MENU ITEM(S) Configuration > BWM PREREQUISITES Zones Examples: Suppose you want to give a user named Bob FTP access but with a limited download speed of 200 kbps from LAN (FTP client) to WAN (FTP server). 1 Create user account for Bill if you created for Bob. 3 Select from LAN zone to WAN... traffic and protocol anomalies. You can access what content and at what times. You must have not done so already (Configuration > Object > User/Group). 102 ZyWALL USG 20/20W User's Guide
User Guide
Page 120
...) Yes 100K Yes (M-F, 08:30~18:00) Boss (Andy) Yes 100K Yes Guest (guest) Yes 50K No Others No --- Click the Add icon. 120 ZyWALL USG 20/20W User's Guide This is possible to export user names from the RADIUS server to a text file, then you will set up the policies in... ZyWALL has its default settings. 7.5.1 Set Up User Accounts Set up user authentication using the RADIUS server. See Bandwidth Management on page 445 for more on bandwidth management. No LAN1-TODMZ ACCESS Yes No Yes Yes No No The users are authenticated by an external RADIUS server at 192.168.1.200...
...) Yes 100K Yes (M-F, 08:30~18:00) Boss (Andy) Yes 100K Yes Guest (guest) Yes 50K No Others No --- Click the Add icon. 120 ZyWALL USG 20/20W User's Guide This is possible to export user names from the RADIUS server to a text file, then you will set up the policies in... ZyWALL has its default settings. 7.5.1 Set Up User Accounts Set up user authentication using the RADIUS server. See Bandwidth Management on page 445 for more on bandwidth management. No LAN1-TODMZ ACCESS Yes No Yes Yes No No The users are authenticated by an external RADIUS server at 192.168.1.200...
User Guide
Page 178
...you can also log out individual users and delete related session information. • Use the Anti-X Statistics > Content Filter screen (Section 9.14 on page 200) to start or stop data collection and view content filter statistics. • Use the Anti-X Statistics > Content Filter > Cache screen (Section 9.15 on.... 9.2 The Port Statistics Screen Use this screen, click Monitor > System Status > Port Statistics. Figure 135 Monitor > System Status > Port Statistics 178 ZyWALL USG 20/20W User's Guide To access this screen to list the users currently logged into the VPN SSL client portal.
...you can also log out individual users and delete related session information. • Use the Anti-X Statistics > Content Filter screen (Section 9.14 on page 200) to start or stop data collection and view content filter statistics. • Use the Anti-X Statistics > Content Filter > Cache screen (Section 9.15 on.... 9.2 The Port Statistics Screen Use this screen, click Monitor > System Status > Port Statistics. Figure 135 Monitor > System Status > Port Statistics 178 ZyWALL USG 20/20W User's Guide To access this screen to list the users currently logged into the VPN SSL client portal.
User Guide
Page 200
... save your changes back to its last-saved settings. ZyWALL USG 20/20W User's Guide This screen displays content filter statistics. All of the statistics are for the time period starting time displays after you restart the ZyWALL or click Flush Data. All of the statistics in ...Filter Statistics Screen Click Monitor > Anti-X Statistics > Content Filter to update the report display. Figure 149 Monitor > Anti-X Statistics > Content Filter 200 The following screen. The format is year, month, day and hour, minute, second. Collecting starts over and a new collection start time displays. ...
... save your changes back to its last-saved settings. ZyWALL USG 20/20W User's Guide This screen displays content filter statistics. All of the statistics are for the time period starting time displays after you restart the ZyWALL or click Flush Data. All of the statistics in ...Filter Statistics Screen Click Monitor > Anti-X Statistics > Content Filter to update the report display. Figure 149 Monitor > Anti-X Statistics > Content Filter 200 The following screen. The format is year, month, day and hour, minute, second. Collecting starts over and a new collection start time displays. ...
User Guide
Page 284
Allowed values are 0 - 1048576. Ingress Bandwidth OK Cancel This is always 255.255.255.255 284 ZyWALL USG 20/20W User's Guide Enter the maximum amount of traffic, in the routing table. IP Address Assignment Most interfaces have an IP address... PPPoE/PPTP interfaces, however, the subnet mask is reserved for Interfaces IP ADDRESS(ES) DESTINATION 100.100.1.1/16 lan1 200.200.200.1/24 wan1 For example, if the ZyWALL gets a packet with a destination address of 200.200.200.200, it routes the packet to interface lan1. Figure 181 Example: Entry in kilobits per second, the...
Allowed values are 0 - 1048576. Ingress Bandwidth OK Cancel This is always 255.255.255.255 284 ZyWALL USG 20/20W User's Guide Enter the maximum amount of traffic, in the routing table. IP Address Assignment Most interfaces have an IP address... PPPoE/PPTP interfaces, however, the subnet mask is reserved for Interfaces IP ADDRESS(ES) DESTINATION 100.100.1.1/16 lan1 200.200.200.1/24 wan1 For example, if the ZyWALL gets a packet with a destination address of 200.200.200.200, it routes the packet to interface lan1. Figure 181 Example: Entry in kilobits per second, the...
User Guide
Page 285
.... In this case, the interface is a DHCP client. Table 74 Example: Routing Table Entry for a Gateway IP ADDRESS(ES) DESTINATION 0.0.0.0/0 200.200.200.10 0 The gateway is an optional setting for the interface by an external DHCP server on ge2. In PPPoE/PPTP interfaces, the other computer... however, cannot be assigned by default. Interface Parameters The ZyWALL restricts the amount of traffic into and out of the ZyWALL through each interface. If the interface gets its IP address and subnet mask from the network.1 1. ZyWALL USG 20/20W User's Guide 285 In this packet, you can ...
.... In this case, the interface is a DHCP client. Table 74 Example: Routing Table Entry for a Gateway IP ADDRESS(ES) DESTINATION 0.0.0.0/0 200.200.200.10 0 The gateway is an optional setting for the interface by an external DHCP server on ge2. In PPPoE/PPTP interfaces, the other computer... however, cannot be assigned by default. Interface Parameters The ZyWALL restricts the amount of traffic into and out of the ZyWALL through each interface. If the interface gets its IP address and subnet mask from the network.1 1. ZyWALL USG 20/20W User's Guide 285 In this packet, you can ...
User Guide
Page 287
... do not specify the starting address or the pool size, the interface the maximum range of NetBIOS Name Server (NBNS) on page 284. • Gateway - ZyWALL USG 20/20W User's Guide 287 See IP Address Assignment on Windows. WINS WINS (Windows Internet Naming Service) is similar to be the DHCP server and a DHCP... POOL SIZE RANGE OF ASSIGNED IP ADDRESS 50.50.50.33 5 50.50.50.33 - 50.50.50.37 75.75.75.1 200 75.75.75.1 - 75.75.75.200 99.99.1.1 1023 99.99.1.1 - 99.99.4.255 120.120.120.100 100 120.120.120.100 - 120.120.120.199 The...
... do not specify the starting address or the pool size, the interface the maximum range of NetBIOS Name Server (NBNS) on page 284. • Gateway - ZyWALL USG 20/20W User's Guide 287 See IP Address Assignment on Windows. WINS WINS (Windows Internet Naming Service) is similar to be the DHCP server and a DHCP... POOL SIZE RANGE OF ASSIGNED IP ADDRESS 50.50.50.33 5 50.50.50.33 - 50.50.50.37 75.75.75.1 200 75.75.75.1 - 75.75.75.200 99.99.1.1 1023 99.99.1.1 - 99.99.4.255 120.120.120.100 100 120.120.120.100 - 120.120.120.199 The...
User Guide
Page 332
...dimmed when the entry is the number of all DDNS domain names and their configuration. ZyWALL USG 20/20W User's Guide Table 92 Configuration > Network > DDNS LABEL DESCRIPTION Add Edit Remove ...traffic accordingly. Domain Name This field displays each domain name the ZyWALL can modify the entry's settings. After, you configure the ZyWALL, it and click Activate. To turn off an entry, ... remove an entry, select it and click Inactivate. # This is inactive. The ZyWALL confirms you to configure the ZyWALL. Finding Out More See Section 6.5.8 on these screens. 16.2 The DDNS Screen ...
...dimmed when the entry is the number of all DDNS domain names and their configuration. ZyWALL USG 20/20W User's Guide Table 92 Configuration > Network > DDNS LABEL DESCRIPTION Add Edit Remove ...traffic accordingly. Domain Name This field displays each domain name the ZyWALL can modify the entry's settings. After, you configure the ZyWALL, it and click Activate. To turn off an entry, ... remove an entry, select it and click Inactivate. # This is inactive. The ZyWALL confirms you to configure the ZyWALL. Finding Out More See Section 6.5.8 on these screens. 16.2 The DDNS Screen ...
User Guide
Page 455
...more bandwidth and have maximize bandwidth usage enabled. Figure 279 LAN1 to WAN, Outbound 200 kbps, Inbound 500 kbps Outbound 200 kbps Inbound 500 kbps Bandwidth Management Priority • The ZyWALL gives bandwidth to "borrow" any unused bandwidth on the out-going interface's bandwidth...bandwidth management disabled as priority 7 (the lowest priority). ZyWALL USG 20/20W User's Guide 455 The connection initiator is limited to divide any unused bandwidth on the out-going interface. based scheduler to 200 kbps. Chapter 28 Bandwidth Management Outbound and Inbound Bandwidth ...
...more bandwidth and have maximize bandwidth usage enabled. Figure 279 LAN1 to WAN, Outbound 200 kbps, Inbound 500 kbps Outbound 200 kbps Inbound 500 kbps Bandwidth Management Priority • The ZyWALL gives bandwidth to "borrow" any unused bandwidth on the out-going interface's bandwidth...bandwidth management disabled as priority 7 (the lowest priority). ZyWALL USG 20/20W User's Guide 455 The connection initiator is limited to divide any unused bandwidth on the out-going interface. based scheduler to 200 kbps. Chapter 28 Bandwidth Management Outbound and Inbound Bandwidth ...
User Guide
Page 456
... traffic. You configure policy A for server A's traffic and policy B for FTP servers A and B. U. B. Yes Yes PRIORITY ACTUAL RATE 1 800 kbps 2 200 kbps 456 ZyWALL USG 20/20W User's Guide Each server tries to send 1000 kbps, but the WAN is set to it's configured rate (800 kbps), leaving only... 200 kbps for server B. B. Because server A has higher priority, it gets up to a maximum outgoing speed of the unused bandwidth. ...
... traffic. You configure policy A for server A's traffic and policy B for FTP servers A and B. U. B. Yes Yes PRIORITY ACTUAL RATE 1 800 kbps 2 200 kbps 456 ZyWALL USG 20/20W User's Guide Each server tries to send 1000 kbps, but the WAN is set to it's configured rate (800 kbps), leaving only... 200 kbps for server B. B. Because server A has higher priority, it gets up to a maximum outgoing speed of the unused bandwidth. ...
User Guide
Page 457
... two. PRIORITY ACTUAL RATE A 300 kbps Yes 1 550 kbps B 200 kbps Yes 2 450 kbps Priority and Over Allotment of Bandwidth Effect Server A has a configured rate that equals the total amount of 450 kbps. ZyWALL USG 20/20W User's Guide 457 Server B gets its priority, server B gets... almost no effect on page 299 for limited bandwidth. U. Even though the ZyWALL still attempts to an ADSL device with this configuration. For example...
... two. PRIORITY ACTUAL RATE A 300 kbps Yes 1 550 kbps B 200 kbps Yes 2 450 kbps Priority and Over Allotment of Bandwidth Effect Server A has a configured rate that equals the total amount of 450 kbps. ZyWALL USG 20/20W User's Guide 457 Server B gets its priority, server B gets... almost no effect on page 299 for limited bandwidth. U. Even though the ZyWALL still attempts to an ADSL device with this configuration. For example...
User Guide
Page 458
...traffic from the WAN to the DMZ must be the lowest priority and limited so it is also limited to 200 kbps. U. Chapter 28 Bandwidth Management Here is limited to 200 kbps. U. 28.1.3.1 Setting the Interface's Bandwidth Use the interface screens to set the WAN zone interface's upstream... 1 Gbps connections, but it must be equal to (or slightly less than) what the rules need to LAN or DMZ. 458 ZyWALL USG 20/20W User's Guide B. The ZyWALL applies this limit before sending the traffic to the WAN. • Inbound traffic (to WAN Outbound: 100 Kbps Inbound: 500 Kbps ...
...traffic from the WAN to the DMZ must be the lowest priority and limited so it is also limited to 200 kbps. U. Chapter 28 Bandwidth Management Here is limited to 200 kbps. U. 28.1.3.1 Setting the Interface's Bandwidth Use the interface screens to set the WAN zone interface's upstream... 1 Gbps connections, but it must be equal to (or slightly less than) what the rules need to LAN or DMZ. 458 ZyWALL USG 20/20W User's Guide B. The ZyWALL applies this limit before sending the traffic to the WAN. • Inbound traffic (to WAN Outbound: 100 Kbps Inbound: 500 Kbps ...
User Guide
Page 459
...directions reversed (WAN to Any instead of Any to WAN). 28.1.3.4 HTTP Any to WAN Bandwidth Management Example Outbound: 200 kbps BWM BWM Inbound: 500 kbps ZyWALL USG 20/20W User's Guide 459 Chapter 28 Bandwidth Management • Enable maximize bandwidth usage so the SIP traffic can borrow unused... bandwidth. Figure 282 SIP Any to WAN Bandwidth Management Example Outbound: 200 kbps BWM BWM Inbound: 200 kbps 28.1.3.3 SIP WAN ...
...directions reversed (WAN to Any instead of Any to WAN). 28.1.3.4 HTTP Any to WAN Bandwidth Management Example Outbound: 200 kbps BWM BWM Inbound: 500 kbps ZyWALL USG 20/20W User's Guide 459 Chapter 28 Bandwidth Management • Enable maximize bandwidth usage so the SIP traffic can borrow unused... bandwidth. Figure 282 SIP Any to WAN Bandwidth Management Example Outbound: 200 kbps BWM BWM Inbound: 200 kbps 28.1.3.3 SIP WAN ...
User Guide
Page 647
...the labels in the Service Control table to access the ZyWALL Web Configurator using secure HTTPs connections. ZyWALL USG 20/20W User's Guide 647 Chapter 43 System Note: Admin Service Control deals with management access (to the ZyWALL (logging into SSL VPN for example). User Service ...Control deals with the IP address that matches the IP address(es) in this screen. Table 200 Configuration >...
...the labels in the Service Control table to access the ZyWALL Web Configurator using secure HTTPs connections. ZyWALL USG 20/20W User's Guide 647 Chapter 43 System Note: Admin Service Control deals with management access (to the ZyWALL (logging into SSL VPN for example). User Service ...Control deals with the IP address that matches the IP address(es) in this screen. Table 200 Configuration >...
User Guide
Page 648
... client. Add Edit Remove Move # User Service Control specifies from which the administrators can access the ZyWALL zone(s) configured in the Zone field (Accept) or not (Deny). 648 ZyWALL USG 20/20W User's Guide You can also specify the IP addresses from which zones an administrator can use... entry or select it before doing so. If you want to put it and click Remove. Chapter 43 System Table 200 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Server Port Authenticate Client Certificates Server Certificate Redirect HTTP to modify the entry's...
... client. Add Edit Remove Move # User Service Control specifies from which the administrators can access the ZyWALL zone(s) configured in the Zone field (Accept) or not (Deny). 648 ZyWALL USG 20/20W User's Guide You can also specify the IP addresses from which zones an administrator can use... entry or select it before doing so. If you want to put it and click Remove. Chapter 43 System Table 200 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Server Port Authenticate Client Certificates Server Certificate Redirect HTTP to modify the entry's...
User Guide
Page 649
...is allowed or denied to the number that you want to use HTTP to access the ZyWALL. Select a method the HTTPS or HTTP server uses to modify the entry's settings. ZyWALL USG 20/20W User's Guide 649 You can also specify the IP addresses from which zones an ... a number is not an editable rule. Click this action. Select an entry and click Add to access the ZyWALL Web Configurator using the Web Configurator). Chapter 43 System Table 200 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION HTTP Enable Server Port Admin/User Service Control...
...is allowed or denied to the number that you want to use HTTP to access the ZyWALL. Select a method the HTTPS or HTTP server uses to modify the entry's settings. ZyWALL USG 20/20W User's Guide 649 You can also specify the IP addresses from which zones an ... a number is not an editable rule. Click this action. Select an entry and click Add to access the ZyWALL Web Configurator using the Web Configurator). Chapter 43 System Table 200 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION HTTP Enable Server Port Admin/User Service Control...
User Guide
Page 650
...user's access to add a service control rule. You can 650 ZyWALL USG 20/20W User's Guide Action OK Cancel Select a predefined ZyWALL zone on which a incoming service is allowed or denied. Select Accept to access the ZyWALL using this service. Select ALL to allow or deny the computer.... Figure 379 Configuration > System > Service Control Rule > Edit The following table describes the labels in this service. Chapter 43 System Table 200 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Apply Reset Click Apply to save your changes back to use in this ...
...user's access to add a service control rule. You can 650 ZyWALL USG 20/20W User's Guide Action OK Cancel Select a predefined ZyWALL zone on which a incoming service is allowed or denied. Select Accept to access the ZyWALL using this service. Select ALL to allow or deny the computer.... Figure 379 Configuration > System > Service Control Rule > Edit The following table describes the labels in this service. Chapter 43 System Table 200 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Apply Reset Click Apply to save your changes back to use in this ...
User Guide
Page 742
... to interface limit 1000 500 500 64 5 16 64 100 25 64 200 742 ZyWALL USG 20/20W User's Guide Chapter 51 Product Specifications This table gives details about the ZyWALL's features. Table 230 ZyWALL Feature Specifications FEATURE # of MAC Flash Size DRAM Size 5 (USG 20) 6 (USG 20W) 128 256 INTERFACE VLAN Virtual (alias) PPP (system default) PPP (user...
... to interface limit 1000 500 500 64 5 16 64 100 25 64 200 742 ZyWALL USG 20/20W User's Guide Chapter 51 Product Specifications This table gives details about the ZyWALL's features. Table 230 ZyWALL Feature Specifications FEATURE # of MAC Flash Size DRAM Size 5 (USG 20) 6 (USG 20W) 128 256 INTERFACE VLAN Virtual (alias) PPP (system default) PPP (user...
User Guide
Page 943
... managed web pages 498 message for blocked access 491 policies 487, 488 prerequisites 102 registration status 215, 492, 497 reports, see content filtering reports statistics 200 testing 507 trial service activation 213 uncategorized pages 498 unsafe web pages 498 URL for blocked access 491 content filtering reports 513 and registration 513... list 174 pool 287 static DHCP 287 diagnostics 705, 712 Diffie-Hellman key group 417 DiffServ 309 Digital Signature Algorithm public-key algorithm, see DSA ZyWALL USG 20/20W User's Guide 943
... managed web pages 498 message for blocked access 491 policies 487, 488 prerequisites 102 registration status 215, 492, 497 reports, see content filtering reports statistics 200 testing 507 trial service activation 213 uncategorized pages 498 unsafe web pages 498 URL for blocked access 491 content filtering reports 513 and registration 513... list 174 pool 287 static DHCP 287 diagnostics 705, 712 Diffie-Hellman key group 417 DiffServ 309 Digital Signature Algorithm public-key algorithm, see DSA ZyWALL USG 20/20W User's Guide 943