User Guide
Page 3
...@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 43 for web browser requirements and an introduction to the main components, icons and menus in the ZyWALL Web...Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. Note: It is recommended you read Chapter 7 on page 29 chapter for ZyWALL application examples. • Subsequent chapters are arranged by menu item as defined in the Web Configurator. ZyWALL USG 20/20W User's Guide 3
...@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 43 for web browser requirements and an introduction to the main components, icons and menus in the ZyWALL Web...Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. Note: It is recommended you read Chapter 7 on page 29 chapter for ZyWALL application examples. • Subsequent chapters are arranged by menu item as defined in the Web Configurator. ZyWALL USG 20/20W User's Guide 3
User Guide
Page 4
... and Command Line Interface Reference Guide in configuring that screen and supplementary information. • ZyXEL Web Site Please refer to the following address, or use your product, the answer may be here. Thank ... is a collection of answers to use e-mail instead. This is available at www.zyxel.com. • Download Library Search for improvement to www.zyxel.com for additional support documentation and product certifications. About This User's Guide •.... • Knowledge Base If you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide
... and Command Line Interface Reference Guide in configuring that screen and supplementary information. • ZyXEL Web Site Please refer to the following address, or use your product, the answer may be here. Thank ... is a collection of answers to use e-mail instead. This is available at www.zyxel.com. • Download Library Search for improvement to www.zyxel.com for additional support documentation and product certifications. About This User's Guide •.... • Knowledge Base If you have a specific question about ZyXEL products. 4 ZyWALL USG 20/20W User's Guide
User Guide
Page 5
.../contact_us.php for the region in this manual is accurate. About This User's Guide • Forum This contains discussions on ZyXEL products. Every effort has been made to ensure that you received your device. • Brief description of the problem and the... from others who use ZyXEL products and share your device. Customer Support Should problems arise that cannot be solved by the methods listed above, you bought the device. Disclaimer Graphics in which you should contact your vendor, then contact a ZyXEL office for contact information. ZyWALL USG 20/20W User's Guide 5...
.../contact_us.php for the region in this manual is accurate. About This User's Guide • Forum This contains discussions on ZyXEL products. Every effort has been made to ensure that you received your device. • Brief description of the problem and the... from others who use ZyXEL products and share your device. Customer Support Should problems arise that cannot be solved by the methods listed above, you bought the device. Disclaimer Graphics in which you should contact your vendor, then contact a ZyXEL office for contact information. ZyWALL USG 20/20W User's Guide 5...
User Guide
Page 150
... software if you how to have a wireless client (not included with the ZyWALL) use the wireless network. 7.13.3.1 Configure the ZyXEL Wireless Client Utility This example covers how to configure ZyXEL's wireless client utility (not included with the ZyWALL) to a rogue AP). 150 ZyWALL USG 20/20W User's Guide Figure 107 Configuration > Network > Interface > WLAN 7.13.3 Set...
... software if you how to have a wireless client (not included with the ZyWALL) use the wireless network. 7.13.3.1 Configure the ZyXEL Wireless Client Utility This example covers how to configure ZyXEL's wireless client utility (not included with the ZyWALL) to a rogue AP). 150 ZyWALL USG 20/20W User's Guide Figure 107 Configuration > Network > Interface > WLAN 7.13.3 Set...
User Guide
Page 151
Select Infrastructure and click Next. Figure 108 ZyXEL Wireless Client Chapter 7 Tutorials 2 Add a new profile. It is also the SSID (name) of the wireless network. 1 Open the wireless client utility and click Profile. This example uses "ZYXEL_WPA" as the name. Figure 109 ZyXEL Wireless Client > Profile ZyWALL USG 20/20W User's Guide 151
Select Infrastructure and click Next. Figure 108 ZyXEL Wireless Client Chapter 7 Tutorials 2 Add a new profile. It is also the SSID (name) of the wireless network. 1 Open the wireless client utility and click Profile. This example uses "ZYXEL_WPA" as the name. Figure 109 ZyXEL Wireless Client > Profile ZyWALL USG 20/20W User's Guide 151
User Guide
Page 152
Configure wlan_user as the security type and click Next. In TTLS Protocol, select PAP. Chapter 7 Tutorials 3 Select WPA2 as the Login Name and enter the account's password (also wlan_user in this example. Click Next. Figure 111 ZyXEL Wireless Client > Profile: Security Settings 152 ZyWALL USG 20/20W User's Guide Figure 110 ZyXEL Wireless Client > Profile: Security Type 4 Set the encryption type to TKIP and the EAP type to TTLS.
Configure wlan_user as the security type and click Next. In TTLS Protocol, select PAP. Chapter 7 Tutorials 3 Select WPA2 as the Login Name and enter the account's password (also wlan_user in this example. Click Next. Figure 111 ZyXEL Wireless Client > Profile: Security Settings 152 ZyWALL USG 20/20W User's Guide Figure 110 ZyXEL Wireless Client > Profile: Security Type 4 Set the encryption type to TKIP and the EAP type to TTLS.
User Guide
Page 153
Figure 112 ZyXEL Wireless Client > Profile: Save Chapter 7 Tutorials 6 Click Activate Now. Figure 113 ZyXEL Wireless Client > Profile: Activate ZyWALL USG 20/20W User's Guide 153 5 Confirm your settings and click Save.
Figure 112 ZyXEL Wireless Client > Profile: Save Chapter 7 Tutorials 6 Click Activate Now. Figure 113 ZyXEL Wireless Client > Profile: Activate ZyWALL USG 20/20W User's Guide 153 5 Confirm your settings and click Save.
User Guide
Page 154
Figure 115 Odyssey Access Client Manager > Profiles 154 ZyWALL USG 20/20W User's Guide Figure 114 ZyXEL Wireless Client > Profile: Activate Since the ZyXEL utility does not have the wireless client validate the ZyWALL's certificate, you can go to Section 7.13.3.4 on page 162. 7.13.3.2 Configure the Funk Odyssey Wireless Client This example shows how to configure...
Figure 115 Odyssey Access Client Manager > Profiles 154 ZyWALL USG 20/20W User's Guide Figure 114 ZyXEL Wireless Client > Profile: Activate Since the ZyXEL utility does not have the wireless client validate the ZyWALL's certificate, you can go to Section 7.13.3.4 on page 162. 7.13.3.2 Configure the Funk Odyssey Wireless Client This example shows how to configure...
User Guide
Page 211
ZyWALL USG 20/20W User's Guide 211 myZyXEL.com myZyXEL.com is ZyXEL's online services center where you can register your ZyWALL and activate a service using the Registration screen. Alternatively, go to http:// www.myZyXEL.com with myZyXEL.com and activate a service, such as content filtering. • ...
ZyWALL USG 20/20W User's Guide 211 myZyXEL.com myZyXEL.com is ZyXEL's online services center where you can register your ZyWALL and activate a service using the Registration screen. Alternatively, go to http:// www.myZyXEL.com with myZyXEL.com and activate a service, such as content filtering. • ...
User Guide
Page 433
...VPN Login Domain Name SSL VPN Login Domain Name 1/2 Specify the IP address of the ZyWALL's DDNS entries. The domain name must be registered to one of the ZyWALL (or a gateway device) for SSL VPN login. ZyWALL USG 20/20W User's Guide 433 Use this screen to set the IP address of two WAN ... mode access, enter access messages or upload a custom logo to be one of the ZyWALL's IP addresses or be displayed on your network for each of the ZyWALL (or a gateway device) on the remote user screen. For example, www.zyxel.com is a fully qualified domain name where "www" is the host; The...
...VPN Login Domain Name SSL VPN Login Domain Name 1/2 Specify the IP address of the ZyWALL's DDNS entries. The domain name must be registered to one of the ZyWALL (or a gateway device) for SSL VPN login. ZyWALL USG 20/20W User's Guide 433 Use this screen to set the IP address of two WAN ... mode access, enter access messages or upload a custom logo to be one of the ZyWALL's IP addresses or be displayed on your network for each of the ZyWALL (or a gateway device) on the remote user screen. For example, www.zyxel.com is a fully qualified domain name where "www" is the host; The...
User Guide
Page 434
... Apply to save the changes and/or start the file transfer process. 4 Log in as a user to verify that the new logo displays properly. 434 ZyWALL USG 20/20W User's Guide Logout Message Specify a message to display on the remote user computer. The file size must be displayed on the web browser on... the screen when a user logs out and the SSL VPN connection is recommended. Click Reset Logo to Default to display the ZyXEL company logo on the remote user SSL VPN screens. 1 Click VPN > SSL VPN and click the Global Setting tab to display the configuration screen. 2 Click...
... Apply to save the changes and/or start the file transfer process. 4 Log in as a user to verify that the new logo displays properly. 434 ZyWALL USG 20/20W User's Guide Logout Message Specify a message to display on the remote user computer. The file size must be displayed on the web browser on... the screen when a user logs out and the SSL VPN connection is recommended. Click Reset Logo to Default to display the ZyXEL company logo on the remote user SSL VPN screens. 1 Click VPN > SSL VPN and click the Global Setting tab to display the configuration screen. 2 Click...
User Guide
Page 452
Figure 277 ZyWALL SecuExtender Uninstallation 452 ZyWALL USG 20/20W User's Guide Figure 276 Uninstalling the ZyWALL SecuExtender Confirmation 3 Windows uninstalls the ZyWALL SecuExtender. Chapter 27 ZyWALL SecuExtender connected but not send any traffic through it until you right-click the icon and...click the icon and select Stop Connection to disconnect the SSL VPN tunnel. 27.6 Uninstalling the ZyWALL SecuExtender Do the following if you need to remove the ZyWALL SecuExtender. 1 Click start > All Programs > ZyXEL > ZyWALL SecuExtender > Uninstall. 2 In the confirmation screen, click Yes.
Figure 277 ZyWALL SecuExtender Uninstallation 452 ZyWALL USG 20/20W User's Guide Figure 276 Uninstalling the ZyWALL SecuExtender Confirmation 3 Windows uninstalls the ZyWALL SecuExtender. Chapter 27 ZyWALL SecuExtender connected but not send any traffic through it until you right-click the icon and...click the icon and select Stop Connection to disconnect the SSL VPN tunnel. 27.6 Uninstalling the ZyWALL SecuExtender Do the following if you need to remove the ZyWALL SecuExtender. 1 Click start > All Programs > ZyXEL > ZyWALL SecuExtender > Uninstall. 2 In the confirmation screen, click Yes.
User Guide
Page 488
....tw/news/ pressroom.php, the domain name is news/pressroom.php. 488 ZyWALL USG 20/20W User's Guide For example, with the URL www.zyxel.com.tw/news/pressroom.php, the file path is www.zyxel.com.tw. External Web Filtering Service When you specify. When a matching policy is the characters that has millions of...
....tw/news/ pressroom.php, the domain name is news/pressroom.php. 488 ZyWALL USG 20/20W User's Guide For example, with the URL www.zyxel.com.tw/news/pressroom.php, the file path is www.zyxel.com.tw. External Web Filtering Service When you specify. When a matching policy is the characters that has millions of...
User Guide
Page 489
...Configuration > Anti-X > Content Filter > General to enable content filtering, view and order ZyWALL USG 20/20W User's Guide 489 It would also find "news" in the domain name (www.zyxel.com.tw). Chapter 30 Content Filtering Since the ZyWALL checks the URL's domain name (or IP address) and file path separately, it would... not find "tw/news". Use this screen to open the Content Filter General screen. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the ZyWALL would find "tw" in the file path (news/pressroom.php) but it will not find items that go across the two....
...Configuration > Anti-X > Content Filter > General to enable content filtering, view and order ZyWALL USG 20/20W User's Guide 489 It would also find "news" in the domain name (www.zyxel.com.tw). Chapter 30 Content Filtering Since the ZyWALL checks the URL's domain name (or IP address) and file path separately, it would... not find "tw/news". Use this screen to open the Content Filter General screen. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the ZyWALL would find "tw" in the file path (news/pressroom.php) but it will not find items that go across the two....
User Guide
Page 510
...filtering by adding them to this list. Click this to be allowed by pointing to this proxy server. For example, entering "zyxel.com" also allows "www.zyxel.com", "partner.zyxel.com", "press.zyxel.com", and so on ID. Select an entry and click this to create a new entry. When a proxy server is... not matter. Select an entry and click this to be allowed by adding them to allow all kinds. In certain cases, it . 510 ZyWALL USG 20/20W User's Guide Do not enter the complete URL of all .com domains. Some web servers use them to this to delete it may...
...filtering by adding them to this list. Click this to be allowed by pointing to this proxy server. For example, entering "zyxel.com" also allows "www.zyxel.com", "partner.zyxel.com", "press.zyxel.com", and so on ID. Select an entry and click this to create a new entry. When a proxy server is... not matter. Select an entry and click this to be allowed by adding them to allow all kinds. In certain cases, it . 510 ZyWALL USG 20/20W User's Guide Do not enter the complete URL of all .com domains. Some web servers use them to this to delete it may...
User Guide
Page 515
Click your ZyWALL using the Rename button in the Service Management screen (see Figure 305 on page 516). Figure 304 myZyXEL.com: Welcome ZyWALL USG 20/20W User's Guide 515 You can change the descriptive name for your ZyWALL's model name and/or MAC address under Registered ZyXEL Products (the ZyWALL 70 is shown as an example here). Chapter 31 Content Filter Reports 3 A welcome screen displays.
Click your ZyWALL using the Rename button in the Service Management screen (see Figure 305 on page 516). Figure 304 myZyXEL.com: Welcome ZyWALL USG 20/20W User's Guide 515 You can change the descriptive name for your ZyWALL's model name and/or MAC address under Registered ZyXEL Products (the ZyWALL 70 is shown as an example here). Chapter 31 Content Filter Reports 3 A welcome screen displays.
User Guide
Page 543
Figure 320 Configuration > User/Group > User > Add ZyWALL USG 20/20W User's Guide 543 If you enter a user 'bob' but use 'BOB' when connecting via CIFS or FTP, it will use the account settings used ...-users • operator • sync • admin • any • devicehaecived • ftp • lp • mail • radius-users • root • uucp • zyxel • bin • games • news • shutdown • daemon • halt • nobody • sshd To access this screen, go to be alphabetical (A-Z a-z), an...
Figure 320 Configuration > User/Group > User > Add ZyWALL USG 20/20W User's Guide 543 If you enter a user 'bob' but use 'BOB' when connecting via CIFS or FTP, it will use the account settings used ...-users • operator • sync • admin • any • devicehaecived • ftp • lp • mail • radius-users • root • uucp • zyxel • bin • games • news • shutdown • daemon • halt • nobody • sshd To access this screen, go to be alphabetical (A-Z a-z), an...
User Guide
Page 577
... Active Directory (or LDAP) screen. Click Configuration > Object > AAA Server > Active Directory (or LDAP) to display the ZyWALL USG 20/20W User's Guide 577 For example, o=ZyXEL, c=US. 37.2.1 Adding an Active Directory or LDAP Server Click Object > AAA Server > Active Directory (or LDAP) to... Table 171 Configuration > Object > AAA Server > Active Directory (or LDAP) LABEL DESCRIPTION Add Edit Remove Object References Click this screen. The ZyWALL confirms you can use in this to create a new entry. Figure 342 Configuration > Object > AAA Server > Active Directory (or LDAP) ...
... Active Directory (or LDAP) screen. Click Configuration > Object > AAA Server > Active Directory (or LDAP) to display the ZyWALL USG 20/20W User's Guide 577 For example, o=ZyXEL, c=US. 37.2.1 Adding an Active Directory or LDAP Server Click Object > AAA Server > Active Directory (or LDAP) to... Table 171 Configuration > Object > AAA Server > Active Directory (or LDAP) LABEL DESCRIPTION Add Edit Remove Object References Click this screen. The ZyWALL confirms you can use in this to create a new entry. Figure 342 Configuration > Object > AAA Server > Active Directory (or LDAP) ...
User Guide
Page 579
For example, o=ZyXEL, c=US. In this attribute is not in the Username field and click Test. Bind DN Search timeout occurs ...(s) or the AD or LDAP server(s) is to check to determine to which group a user belongs. For example, o=ZyXEL, c=US. Click Cancel to discard the changes. 37.3 RADIUS Server Summary Use the RADIUS screen to manage the list of identifier that... from the server specified above to save the changes. Use a user account from the AD or LDAP server. ZyWALL USG 20/20W User's Guide 579 You can use to log in ) to bind (or log in . If required, enter ...
For example, o=ZyXEL, c=US. In this attribute is not in the Username field and click Test. Bind DN Search timeout occurs ...(s) or the AD or LDAP server(s) is to check to determine to which group a user belongs. For example, o=ZyXEL, c=US. Click Cancel to discard the changes. 37.3 RADIUS Server Summary Use the RADIUS screen to manage the list of identifier that... from the server specified above to save the changes. Use a user account from the AD or LDAP server. ZyWALL USG 20/20W User's Guide 579 You can use to log in ) to bind (or log in . If required, enter ...
User Guide
Page 580
... or select it before the ZyWALL disconnects from the RADIUS server. For example, o=ZyXEL, c=US. In this value unless your network administrator instructs you can modify the entry's settings. Base DN This specifies a directory. Timeout The key is down. Click Apply to its last-saved settings. 580 ZyWALL USG 20/20W User's Guide Click Reset...
... or select it before the ZyWALL disconnects from the RADIUS server. For example, o=ZyXEL, c=US. In this value unless your network administrator instructs you can modify the entry's settings. Base DN This specifies a directory. Timeout The key is down. Click Apply to its last-saved settings. 580 ZyWALL USG 20/20W User's Guide Click Reset...