User Guide
Page 37
...settings are made by zone, not by interface, port, or network. ZyWALL USG 20/20W User's Guide 37 You can create your own custom zones. You can add interfaces and VPN tunnels to change security settings in the ZyWALL. The rest of this section provides more 3G (cellular) connections. It...server and many other powerful features. High Availability To ensure the ZyWALL provides reliable, secure Internet access, set up one or more of the following: • Multiple WAN ports and configure load balancing between two sites over the Internet or any insecure network that uses TCP/IP ...
User Guide
Page 77
... case-sensitive. Only the remote IPSec device can initiate the VPN tunnel. • Site-to an IPSec server. Choose this to connect to -site with Dynamic Peer - This ZyWALL can initiate the VPN tunnel. • Remote Access (Server Role) - Choose this to -site - ZyWALL USG 20/20W User's Guide 77 You may use 1-31 alphanumeric characters, underscores (_), or dashes...
User Guide
Page 81
... has a static IP address or a domain name. Choose this VPN connection (and VPN gateway). ZyWALL USG 20/20W User's Guide 81 Figure 44 VPN Advanced Wizard: Scenario Rule Name: Type the name used to identify this to -site - The clients have dynamic IP addresses and are also known as... 39 on the left of the screen changes to match the scenario you select. • Site-to allow incoming connections from IPSec VPN clients. This ZyWALL can initiate the VPN tunnel. • Site-to display the following screen. You may use 1-31 alphanumeric characters, underscores (_), or dashes ...
User Guide
Page 84
...the site-to Diffie-Hellman Group 1 a 768 bit random number. Select this may affect throughput). MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to have the ZyWALL automatically renegotiate the IPSec SA when the SA life time expires. 84 ZyWALL USG 20/...security. SHA-1 gives higher security. You can also specify a subnet. A short SA life time increases security, but renegotiation temporarily disconnects the VPN tunnel. • Perfect Forward Secrecy (PFS): Disabling PFS allows faster IPSec setup, but is more secure, yet slower). • Local ...
User Guide
Page 101
... the Access field set to Allow and the Log field set to No. ZyWALL USG 20/20W User's Guide 101 Note: The ZyWALL checks the firewall rules in the sequence. 6.5.14 IPSec VPN Use IPSec VPN to provide secure communication between two sites over the Internet or any insecure network that uses TCP/IP for communication. Make...
User Guide
Page 119
...LAN or click Configuration > VPN > IPSec VPN > VPN Connection and use the VPN connection screen's Connect icon. 7.4.3 Configure Security Policies for the remote. Click OK. Under VPN Gateway select Site-to the IPSec_VPN zone. The new VPN connection was assigned to -site and the VPN gateway (VPN_GW_EXAMPLE). By ...router and try to connect to a device on zones. ZyWALL USG 20/20W User's Guide 119 Figure 69 Configuration > VPN > IPSec VPN > VPN Connection > Add 5 Now set up the VPN settings on ) that apply to establish the VPN tunnel. If you should also allow UDP port 500 (...
User Guide
Page 391
...VPN Overview A virtual private network (VPN) provides secure communications between sites without the expense of standardized cryptographic techniques to provide confidentiality, data integrity and authentication at the IP layer. A secure VPN is an example of tunneling, encryption, authentication, access control and auditing. You can use the VPN tunnel and the IPSec SA settings (phase 2 settings). ZyWALL USG 20.../20W User's Guide 391 Internet Protocol Security (IPSec) is a standards-based VPN that uses ...
User Guide
Page 393
... the remote policy. This creates a dynamic IPSec VPN rule that can initiate the VPN tunnel. This ZyWALL can initiate the VPN tunnel. ZyWALL USG 20/20W User's Guide 393 The remote IPSec router can also initiate the VPN tunnel if this ZyWALL can have dynamic IP addresses and are also known... related information on these screens. Only this ZyWALL has a static IP address or a domain name. Choose this if the remote IPSec router has a static IP address or a domain name. Table 113 IPSec VPN Application Scenarios SITE-TO-SITE SITE-TO-SITE WITH REMOTE ACCESS DYNAMIC PEER (SERVER ROLE)...
User Guide
Page 398
... IPSec SA. NetBIOS packets are also known as dial-in users. It may use . 398 ZyWALL USG 20/20W User's Guide This ZyWALL can initiate the VPN tunnel. Choose this VPN connection is case-sensitive. VPN Gateway Select the VPN gateway this to -site - The clients have dynamic IP addresses and are TCP or UDP packets that best describes...
User Guide
Page 428
... (EPS) checking makes sure users' computers comply with defined corporate policies before they can access the SSL VPN tunnel. Configure address objects for details on SSL application objects. 428 ZyWALL USG 20/20W User's Guide Finding Out More • See Section 6.5.15 on page 101 for related information on...addresses of the DNS and WINS servers that defines a range of the local computer, server, or web site SSL users are to be able to changes, the ZyWALL automatically propagates the changes through the SSL policies that is referenced by an SSL access policy. Configure an address...
User Guide
Page 437
...ZyWALL USG 20/20W User's Guide 437 CHAPTER 25 SSL User Screens 25.1 Overview This chapter introduces the remote user SSL VPN screens. Network Resource Access Methods As a remote user, you can access resources on the local network. Figure 258 Network Example WWW Internet A 25.1.1 What You Need to Know The ZyWALL...shows a network example where a remote user (A) logs into the ZyWALL, the ZyWALL automatically loads the ZyWALL SecuExtender client program to network resources such as if you can access intranet sites, web-based applications, or web-based e-mails using Microsoft Outlook ...
User Guide
Page 439
...the One-Time Password field. 4 Click SSL VPN to access network resources. Figure 260 Login Security Screen 3 A login screen displays. Figure 261 Login Screen ZyWALL USG 20/20W User's Guide 439 Figure 259 Enter ...the Address in and establish an SSL VPN connection to the network to log in a Web Browser... 2 Click OK or Yes if a security screen displays. Enter the user name and password of the ZyWALL. Chapter 25...
User Guide
Page 447
... applications (such as web sites and e-mail) on the ZyWALL's configuration. 26.2 The Application Screen Click the Application tab to display the web screen in the Application screen to display the screen. Figure 272 Application ZyWALL USG 20/20W User's Guide 447 Which applications you can access depends on the network through the SSL VPN connection.
User Guide
Page 615
... screen to specify the name of the local computer, server, or web site SSL users are displayed as links in SSL VPN. Depending on the application type, remote users can configure the following SSL application on the ZyWALL. • Web-based A web-based application allows remote users to access... of application and the address of a folder on a Linux or Windows file server which remote users can access using standard web browsers. ZyWALL USG 20/20W User's Guide 615 Configure an SSL application object to access. Remote User Screen Links Available SSL application names are to be able to...
User Guide
Page 616
...ZyWALL USG 20/20W User's Guide The remote user's computer does not use VNC or RDP client software. Chapter 41 SSL Application Remote Desktop Connections Use SSL VPN to allow remote users to access web sites. 41.1.3 Example: Specifying a Web Site for an internal web site. The address of the web site...to allow remote users to be managed must have VNC (Virtual Network Computing) or RDP (Remote Desktop Protocol) server software installed. The ZyWALL works with web page encryption. 1 Click Configuration > Object > SSL Application in Internet Explorer) VNC • RealVNC • TightVNC ...
User Guide
Page 619
...objects. For example, if you expect the SSL VPN users to display fewer fields. ZyWALL USG 20/20W User's Guide 619 Preview Remote users are not allowed. Server Type Specify the type of configuration fields. Select Weblink to create a link to a web site that you enter "\remote\" in this domain,...://" prefix. This field displays if the Server Type is not within this field, remote users can enter up to the specified web site hosted on the local network. This field displays if the Server Type is set to manage LAN computers that have Remote Desktop Protocol ...
User Guide
Page 733
.... Check the configuration for NAT traversal. If you assign the VPN tunnel and the zone from a computer at the other. ZyWALL USG 20/20W User's Guide 733 You must use the same authentication method to a computer at one site to establish the IKE SA. • Both routers must use the same negotiation mode. • Both...
User Guide
Page 947
... general characteristics 218 IP address 284 metric 285 MTU 286 overlapping IP address and subnet mask 285 port groups, see also VPN site-to-site with dynamic peer 398 static site-to-site 398 ZyWALL USG 20/20W User's Guide 947 Index troubleshooting 729 types 89 interfaces 88, 107, 217 and DNS servers 287 and HTTP redirect 350...
User Guide
Page 958
... basic characteristics 219 VoIP 251 VoIP pass through 358 and firewall 354 and NAT 354 and policy routes 353, 354 see also ALG 352 VPN 391 active protocol 421 and NAT 419 and the firewall 376 basic troubleshooting 732 IKE SA, see IKE SA IPSec 391 IPSec SA proposal 416... Local Area Network, see also HTTP redirect web site ZyXEL 4 web-based SSL application 615 configuration example 616 create 618 weblink 616 webroot-directory-traversal attack 485 weighted round robin (for load balancing) 290 white list (anti-spam) 521, 527, 529, 531 Wi-Fi Protected Access 812 958 ZyWALL USG 20/20W User's Guide
User Guide
Page 959
...WINS Windows Internet Naming Service, see also HTTP, HTTPS 130, 646 www.zyxel.com 4 Z zones 88, 327 and firewall 374, 384 and FTP 670 and interfaces 88, 327 and SNMP 674 and SSH 665 and Telnet 668 and VPN 88, 327 and WWW 650 block intra-zone traffic 330, 382 configuration ...overview 98 default 90 extra-zone traffic 328 inter-zone traffic 328 intra-zone traffic 328 prerequisites 98 types of traffic 328 where used 98 ZyWALL terminology differences 91 ZyXEL web site 4 ZyWALL USG 20/20W User's Guide 959...