User Guide
Page 59
... Click Go to Dashboard to skip the installation setup wizard or click Next to configure the WAN interface's type of encapsulation and method of IP address assignment. ZyWALL USG 20/20W User's Guide 59 Figure 23 Installation Setup Wizard • Click the double arrow in this screen to start configuring for background information... - This chapter provides information on configuring the Web Configurator's installation setup wizard. This wizard helps you log into the Web Configurator when the ZyWALL is using its default configuration, the first Installation Setup Wizard screen displays.
... Click Go to Dashboard to skip the installation setup wizard or click Next to configure the WAN interface's type of encapsulation and method of IP address assignment. ZyWALL USG 20/20W User's Guide 59 Figure 23 Installation Setup Wizard • Click the double arrow in this screen to start configuring for background information... - This chapter provides information on configuring the Web Configurator's installation setup wizard. This wizard helps you log into the Web Configurator when the ZyWALL is using its default configuration, the first Installation Setup Wizard screen displays.
User Guide
Page 61
... WAN connection will send traffic (the default gateway). • First / Second DNS Server: These fields display if you selected Auto as given to 64 characters long. • Authentication Type - Options are: ZyWALL USG 20/20W User's Guide 61 Auto displays if you selected static IP address assignment. Enter a DNS server's IP address(es). Figure 26 Internet...
... WAN connection will send traffic (the default gateway). • First / Second DNS Server: These fields display if you selected Auto as given to 64 characters long. • Authentication Type - Options are: ZyWALL USG 20/20W User's Guide 61 Auto displays if you selected static IP address assignment. Enter a DNS server's IP address(es). Figure 26 Internet...
User Guide
Page 90
... and Zone Configuration This section introduces the ZyWALL's default zone member physical interfaces and the default configuration of physical ports P2 and P3 on the ZyWALL). Figure 50 Default Network Topology Table 14 ZyWALL USG 20 Default Port, Interface, and Zone Configuration PORT INTERFACE ZONE IP ADDRESS AND DHCP SUGGESTED USE WITH SETTINGS DEFAULT SETTINGS P1 P2, P3 wan1 lan1 P4...
... and Zone Configuration This section introduces the ZyWALL's default zone member physical interfaces and the default configuration of physical ports P2 and P3 on the ZyWALL). Figure 50 Default Network Topology Table 14 ZyWALL USG 20 Default Port, Interface, and Zone Configuration PORT INTERFACE ZONE IP ADDRESS AND DHCP SUGGESTED USE WITH SETTINGS DEFAULT SETTINGS P1 P2, P3 wan1 lan1 P4...
User Guide
Page 92
Chapter 6 Configuration Basics Traffic in one 92 ZyWALL USG 20/20W User's Guide Examples of internal interfaces are set as the packets match an entry in > Defragmentation >...; You do not need to configure anything to all of public IP addresses • Static and dynamic routes have their own category. 6.4.1 Routing Table Checking Flow When the ZyWALL receives packets it examines the packets and determines how to bottom....range of private network addresses to a range of the external interfaces to WAN traffic). The ZyWALL automatically adds all LAN to the default WAN trunk.
Chapter 6 Configuration Basics Traffic in one 92 ZyWALL USG 20/20W User's Guide Examples of internal interfaces are set as the packets match an entry in > Defragmentation >...; You do not need to configure anything to all of public IP addresses • Static and dynamic routes have their own category. 6.4.1 Routing Table Checking Flow When the ZyWALL receives packets it examines the packets and determines how to bottom....range of private network addresses to a range of the external interfaces to WAN traffic). The ZyWALL automatically adds all LAN to the default WAN trunk.
User Guide
Page 96
Most of the ZyWALL), port triggering, 96 ZyWALL USG 20/20W User's Guide MENU ITEM(S) Configuration > Network > Interface > Trunk PREREQUISITES Interfaces WHERE USED Policy routes Example: See Chapter 7 on page 88... PREREQUISITES Internet access to myZyXEL.com 6.5.3 Interface See Section 6.2 on page 107. 6.5.5 Policy Routes Use policy routes to override the ZyWALL's default routing behavior in the DMZ zone and uses a private IP address. MENU ITEM(S) PREREQUISITES Configuration > Network > Interface (except Network > Interface > Trunk) Port groups (configured in the Interface ...
Most of the ZyWALL), port triggering, 96 ZyWALL USG 20/20W User's Guide MENU ITEM(S) Configuration > Network > Interface > Trunk PREREQUISITES Interfaces WHERE USED Policy routes Example: See Chapter 7 on page 88... PREREQUISITES Internet access to myZyXEL.com 6.5.3 Interface See Section 6.2 on page 107. 6.5.5 Policy Routes Use policy routes to override the ZyWALL's default routing behavior in the DMZ zone and uses a private IP address. MENU ITEM(S) PREREQUISITES Configuration > Network > Interface (except Network > Interface > Trunk) Port groups (configured in the Interface ...
User Guide
Page 100
...default, the firewall only allows management connections from the SIP proxy server on DMZ to the LAN so VoIP users on the LAN can configure firewall rules based on the ZyWALL. You could configure a firewall rule to allow VoIP sessions from the LAN or WAN zone. You can receive calls. 100 ZyWALL USG 20...) and services (or service groups). MENU ITEM(S) Configuration > Network > ALG 6.5.12 Auth. Chapter 6 Configuration Basics 5 Specify the IP address of the HTTP proxy server. 6 Specify the port number to use for VoIP calls. You can also specify additional signaling port ...
...default, the firewall only allows management connections from the SIP proxy server on DMZ to the LAN so VoIP users on the LAN can configure firewall rules based on the ZyWALL. You could configure a firewall rule to allow VoIP sessions from the LAN or WAN zone. You can receive calls. 100 ZyWALL USG 20...) and services (or service groups). MENU ITEM(S) Configuration > Network > ALG 6.5.12 Auth. Chapter 6 Configuration Basics 5 Specify the IP address of the HTTP proxy server. 6 Specify the port number to use for VoIP calls. You can also specify additional signaling port ...
User Guide
Page 102
...subscribed to the content filter service. 1 Create a user account for a specific IP address, destination port or IP range and specify allowed amounts of the wizards. MENU ITEM(S) Configuration > Anti-X ...limited download speed of 200 kbps from LAN zone to WAN zone (default). 4 Set BWM inbound value to 200kbps and keep the default values for all other fields. 6.5.17 ADP Use ADP to specific.... You must have not done so already (Configuration > Object > User/Group). 102 ZyWALL USG 20/20W User's Guide You can define which user accounts (or groups) can subscribe using the menu ...
...subscribed to the content filter service. 1 Create a user account for a specific IP address, destination port or IP range and specify allowed amounts of the wizards. MENU ITEM(S) Configuration > Anti-X ...limited download speed of 200 kbps from LAN zone to WAN zone (default). 4 Set BWM inbound value to 200kbps and keep the default values for all other fields. 6.5.17 ADP Use ADP to specific.... You must have not done so already (Configuration > Object > User/Group). 102 ZyWALL USG 20/20W User's Guide You can define which user accounts (or groups) can subscribe using the menu ...
User Guide
Page 107
... how to configure Ethernet interfaces, port roles, and zones for the following example configuration (see Chapter 3 on page 90 for details. ZyWALL USG 20/20W User's Guide 107 Note: The tutorials featured here require a basic understanding of connecting to and using the Web Configurator to apply ...so you create a new VPN zone. • The wan1 interface uses a static IP address of using the Web Configurator, see Section 6.2.2 on page 43 for the default configuration). • You want to be able to set up features in the ZyWALL. CHAPTER 7 Tutorials Here are examples of 1.2.3.4.
... how to configure Ethernet interfaces, port roles, and zones for the following example configuration (see Chapter 3 on page 90 for details. ZyWALL USG 20/20W User's Guide 107 Note: The tutorials featured here require a basic understanding of connecting to and using the Web Configurator to apply ...so you create a new VPN zone. • The wan1 interface uses a static IP address of using the Web Configurator, see Section 6.2.2 on page 43 for the default configuration). • You want to be able to set up features in the ZyWALL. CHAPTER 7 Tutorials Here are examples of 1.2.3.4.
User Guide
Page 109
... Port Roles Example 7.1.3 Configure the DMZ Interface for a separate local network. It uses 192.168.4.1 as its IP address and has a DHCP server to distribute IP addresses to set the dmz interface (created in the previous section) for a Local Network Here is how to ...Interface > Ethernet > Edit wan1 7.1.2 Configure Port Roles Here is how to connected DHCP clients. ZyWALL USG 20/20W User's Guide 109 Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK. Chapter 7 Tutorials Click Configuration > Network > Interface > Ethernet ...
... Port Roles Example 7.1.3 Configure the DMZ Interface for a separate local network. It uses 192.168.4.1 as its IP address and has a DHCP server to distribute IP addresses to set the dmz interface (created in the previous section) for a Local Network Here is how to ...Interface > Ethernet > Edit wan1 7.1.2 Configure Port Roles Here is how to connected DHCP clients. ZyWALL USG 20/20W User's Guide 109 Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK. Chapter 7 Tutorials Click Configuration > Network > Interface > Ethernet ...
User Guide
Page 119
The new VPN connection was assigned to establish the VPN tunnel. ZyWALL USG 20/20W User's Guide 119 Click OK. Figure 69 Configuration > VPN > IPSec VPN > VPN Connection > Add 5 Now set up the VPN settings on ) that apply to -... IPSec_VPN zone. If you should also allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). By default, there are no security restrictions on the IPSec_VPN zone, so, next, you enable NAT traversal, all firewalls between the ZyWALL and remote IPSec router should set up security policies (firewall rules and...
The new VPN connection was assigned to establish the VPN tunnel. ZyWALL USG 20/20W User's Guide 119 Click OK. Figure 69 Configuration > VPN > IPSec VPN > VPN Connection > Add 5 Now set up the VPN settings on ) that apply to -... IPSec_VPN zone. If you should also allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). By default, there are no security restrictions on the IPSec_VPN zone, so, next, you enable NAT traversal, all firewalls between the ZyWALL and remote IPSec router should set up security policies (firewall rules and...
User Guide
Page 135
...ZyWALL USG 20/20W User's Guide 135 Configure a name for -H323 IP address to go to LAN1 IP address 192.168.1.56. Here is how to configure a firewall rule to -LAN traffic drops all traffic. Figure 89 Configuration > Network > NAT > Add 7.9.3 Set Up a Firewall Rule For H.323 The default ...firewall rule for -H323). Set the Mapped IP to NAT 1:1. Chapter 7 Tutorials 2 Click Configuration > Network > NAT > Add. You want the LAN H.323 device to receive ...
...ZyWALL USG 20/20W User's Guide 135 Configure a name for -H323 IP address to go to LAN1 IP address 192.168.1.56. Here is how to configure a firewall rule to -LAN traffic drops all traffic. Figure 89 Configuration > Network > NAT > Add 7.9.3 Set Up a Firewall Rule For H.323 The default ...firewall rule for -H323). Set the Mapped IP to NAT 1:1. Chapter 7 Tutorials 2 Click Configuration > Network > NAT > Add. You want the LAN H.323 device to receive ...
User Guide
Page 138
... Figure 94 Creating the NAT Entry 7.10.3 Set Up a Firewall Rule The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow users connected to other interfaces to access the HTTP server (see NAT Loopback on page 343... for IP address 1.1.1.1, users can just go to the domain name to access the HTTP server. Chapter 7 Tutorials • Keep Enable NAT Loopback selected to allow the public to send HTTP traffic to IP address 1.1.1.1 in order to access the web server. 138 ZyWALL USG 20/20W User's Guide
... Figure 94 Creating the NAT Entry 7.10.3 Set Up a Firewall Rule The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow users connected to other interfaces to access the HTTP server (see NAT Loopback on page 343... for IP address 1.1.1.1, users can just go to the domain name to access the HTTP server. Chapter 7 Tutorials • Keep Enable NAT Loopback selected to allow the public to send HTTP traffic to IP address 1.1.1.1 in order to access the web server. 138 ZyWALL USG 20/20W User's Guide
User Guide
Page 143
• Click OK. ZyWALL USG 20/20W User's Guide 143 Figure 100 Configuration > Network > NAT > Add Chapter 7 Tutorials 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow the public to send SIP traffic to for IP address 1.1.1.2, users can use it to connect to the IPPBX. If a domain name is registered for making SIP calls.
• Click OK. ZyWALL USG 20/20W User's Guide 143 Figure 100 Configuration > Network > NAT > Add Chapter 7 Tutorials 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow the public to send SIP traffic to for IP address 1.1.1.2, users can use it to connect to the IPPBX. If a domain name is registered for making SIP calls.
User Guide
Page 144
...LAN Firewall Rule for SIP The firewall blocks traffic from the DMZ zone to the LAN zone by default so you need to create a firewall rule to the SIP clients on the LAN. 144 ZyWALL USG 20/20W User's Guide Set the Access field to allow the IPPBX to send SIP traffic to allow... and click OK. IPPBX_DMZ is the destination because the ZyWALL applies NAT to the IPPBX's DMZ IP address object (DMZ_SIP). Chapter 7 Tutorials 1 Click Configuration > Firewall >...
...LAN Firewall Rule for SIP The firewall blocks traffic from the DMZ zone to the LAN zone by default so you need to create a firewall rule to the SIP clients on the LAN. 144 ZyWALL USG 20/20W User's Guide Set the Access field to allow the IPPBX to send SIP traffic to allow... and click OK. IPPBX_DMZ is the destination because the ZyWALL applies NAT to the IPPBX's DMZ IP address object (DMZ_SIP). Chapter 7 Tutorials 1 Click Configuration > Firewall >...
User Guide
Page 148
...clients support WPA2, select WPA2-Enterprise as follows. The ZyWALL can modify it to the WLAN interface. Click OK. 148 ZyWALL USG 20/20W User's Guide The ZyWALL's security settings are configured by zones. Configure the interface's IP address and set it if you want to belong (the... WLAN zone in this example). This determines which security zone you want the WLAN interface to . You can use its default ...
...clients support WPA2, select WPA2-Enterprise as follows. The ZyWALL can modify it to the WLAN interface. Click OK. 148 ZyWALL USG 20/20W User's Guide The ZyWALL's security settings are configured by zones. Configure the interface's IP address and set it if you want to belong (the... WLAN zone in this example). This determines which security zone you want the WLAN interface to . You can use its default ...
User Guide
Page 169
...Status This field displays details about the active sessions. Fallback to the ZyWALL's DHCP clients and the IP addresses reserved for the first time or you intentionally reset the ZyWALL to display the Show CPU Usage icon that are currently logged in to... the ZyWALL. System default configuration - The ZyWALL was unable to apply the startup-config.conf configuration file and fell back to see details about the ZyWALL's startup state. Firmware update OK - The application of the ZyWALL's processing capability is still applying the system configuration. ZyWALL USG 20/20W...
...Status This field displays details about the active sessions. Fallback to the ZyWALL's DHCP clients and the IP addresses reserved for the first time or you intentionally reset the ZyWALL to display the Show CPU Usage icon that are currently logged in to... the ZyWALL. System default configuration - The ZyWALL was unable to apply the startup-config.conf configuration file and fell back to see details about the ZyWALL's startup state. Firmware update OK - The application of the ZyWALL's processing capability is still applying the system configuration. ZyWALL USG 20/20W...
User Guide
Page 227
... options do not automatically adjust and you may also need to change this interface to the default WAN trunk. IP Address Assignment Get Automatically These IP address fields configure an IP address on page 715. This option appears when Interface Properties is assigned to its destination. Enter... same network as firewall, remote management. This option appears when Interface Properties is read -only. Enter the IP address of this interface is not used elsewhere. ZyWALL USG 20/20W User's Guide 227 It is to add routing and SNAT settings for traffic flowing from a DHCP server...
... options do not automatically adjust and you may also need to change this interface to the default WAN trunk. IP Address Assignment Get Automatically These IP address fields configure an IP address on page 715. This option appears when Interface Properties is assigned to its destination. Enter... same network as firewall, remote management. This option appears when Interface Properties is read -only. Enter the IP address of this interface is not used elsewhere. ZyWALL USG 20/20W User's Guide 227 It is to add routing and SNAT settings for traffic flowing from a DHCP server...
User Guide
Page 228
... Select this to turn on this value is External or General. Check Default Select this to specify a domain name or IP address for the connectivity check. Gateway Check this address Select this to use the default gateway for the connectivity check. Enter that the gateway allows. Ingress Bandwidth... of seconds to wait for future use based on this interface. If two or more gateways have the ZyWALL regularly ping the gateway you specify to make sure it . 228 ZyWALL USG 20/20W User's Guide Check Fail Tolerance Enter the number of traffic, in kilobits per second, the...
... Select this to turn on this value is External or General. Check Default Select this to specify a domain name or IP address for the connectivity check. Gateway Check this address Select this to use the default gateway for the connectivity check. Enter that the gateway allows. Ingress Bandwidth... of seconds to wait for future use based on this interface. If two or more gateways have the ZyWALL regularly ping the gateway you specify to make sure it . 228 ZyWALL USG 20/20W User's Guide Check Fail Tolerance Enter the number of traffic, in kilobits per second, the...
User Guide
Page 666
...: 3 The CLI screen displays next. 43.9 Telnet You can come. 666 ZyWALL USG 20/20W User's Guide If this is the first time you are connecting to the ZyWALL using the default IP address of known hosts. Figure 403 SSH Example 2: Log in to the ZyWALL. Enter "telnet 192.168.1.1 22" at a terminal prompt and press [ENTER...
...: 3 The CLI screen displays next. 43.9 Telnet You can come. 666 ZyWALL USG 20/20W User's Guide If this is the first time you are connecting to the ZyWALL using the default IP address of known hosts. Figure 403 SSH Example 2: Log in to the ZyWALL. Enter "telnet 192.168.1.1 22" at a terminal prompt and press [ENTER...
User Guide
Page 741
...Default Login Information ATTRIBUTE SPECIFICATION Default IP Address (P2, P3) 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) (P2, P3) Default Password 1234 This table provides hardware specifications. Table 229 Hardware Specifications FEATURE SPECIFICATION Ethernet Interfaces Number of key features. This table provides basic device specifications. It is not included. ZyWALL USG 20... connector 1, 2.0 plug and play See www.zyxel.com for the supported 3G cards. 12V DC Temperature: 0 C to 40 C Humidity: 20% to 95% (non-condensing) Temperature: -30 C to 60 C Humidity...
...Default Login Information ATTRIBUTE SPECIFICATION Default IP Address (P2, P3) 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) (P2, P3) Default Password 1234 This table provides hardware specifications. Table 229 Hardware Specifications FEATURE SPECIFICATION Ethernet Interfaces Number of key features. This table provides basic device specifications. It is not included. ZyWALL USG 20... connector 1, 2.0 plug and play See www.zyxel.com for the supported 3G cards. 12V DC Temperature: 0 C to 40 C Humidity: 20% to 95% (non-condensing) Temperature: -30 C to 60 C Humidity...