User Guide
Page 14
... the DMZ 157 7.12.1 Turn On the ALG ...159 7.12.2 Create the Address Objects 159 7.12.3 Setup a NAT Policy for the IPPBX 160 7.12.4 Set Up a WAN to DMZ Firewall Rule for SIP 161 7.12.5 Set Up a DMZ to LAN Firewall Rule for SIP 162 7.13 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic 163 7.13.1 Create the Public IP Address Range Object 163 7.13.2 Configure the Policy Route 164 14 ZyWALL USG 2000 User's Guide
User Guide
Page 59
... certificates. DNS Configure the DNS server and address records for user sessions, and rules to force user authentication. Setting Manage default settings for all users, general settings for the ZyWALL. Address Address Create and manage host, range, and network (subnet) addresses. Configure the default Active Directory settings. Create and manage groups of users. LDAP-Default Configure the default LDAP settings. Auth. SSL Application Create SSL web application or file sharing objects. System Host Name Configure the system and domain name for PPPoE/PPTP interfaces...
User Guide
Page 95
... it as objects. Some of the ZyWALL's features and settings. When you change an object's settings, the ZyWALL automatically updates all the firewall, application patrol, content filter, and other settings that store information used by other settings use these ZyWALL USG 2000 User's Guide 95 After you configure the trunk, you configure the main screens for system management. 6.1 Object-based Configuration The ZyWALL stores information or settings as well. (You might also...
User Guide
Page 213
... the port speed and duplex setting (Full or Half). The auxiliary interface is enabled and connected. HA Status Disconnected - Zone IP Address n/a - This is either the static IP address of the interface in the virtual router. ZyWALL USG 2000 User's Guide 213 The Ethernet interface is a backup). The auxiliary interface is disabled or did not receive an IP address and subnet mask via DHCP. This field displays the status of the interface (if it is the master) or the management IP address (if...
User Guide
Page 229
... interface does not provide any services to update the IP address for virtual interfaces on top of the Ethernet interfaces. Down - This is either the static IP address of the interface (if it is the master) or the management IP address (if it was last connected. Use this interface. If there is a backup). Device HA is not functioning in the virtual router. This field displays how the interface gets its IP address from the ZyWALL on the interface. DHCP Client - ZyWALL USG 2000 User's Guide...
User Guide
Page 284
... Enable and disable RIP in which direction(s) routing information is exchanged - For example, if you configure IP address assignment, interface parameters, RIP settings, OSPF settings, DHCP settings, connectivity check, and MAC address settings. To access this screen, click an Edit icon in each direction - The ZyWALL can use Ethernet interfaces to which the interface belongs. • Override the default link cost and authentication method for the selected area. • Select in the underlying physical port or port group...
User Guide
Page 286
... firewall, IDP, remote management, anti-virus, and application patrol. for connecting to an external network (like the Internet). The ZyWALL automatically adds default SNAT settings for connecting to a local network. External is to WAN traffic. The ZyWALL automatically adds this if the interface is not used elsewhere. It can use this button to change this interface to which type of network you select Internal or External the rest of configuration Settings / Hide fields. It is assigned to change the corresponding LAN subnet address...
User Guide
Page 288
... the network. Gateway Check this address Select this case, the ZyWALL can assign every IP address allowed by the interface's IP address and subnet mask, except for the network. Specify the port number to use for the connectivity check. DHCP Setting These fields appear when Interface Properties is the DHCP server for the first address (network address), last address (broadcast address) and the interface's IP address. 288 ZyWALL USG 2000 User's Guide the ZyWALL does not provide any DHCP services. DHCP Relay - The ZyWALL is Internal or General. IP Pool Start Address...
User Guide
Page 298
... with this interface. Check Period Enter the number of seconds to wait for a response before the ZyWALL stops routing through this interface. 298 ZyWALL USG 2000 User's Guide Related Setting Configure WAN TRUNK Click WAN TRUNK to go to the screen where you can manually configure a policy route to associate traffic with the gateway you specify to make sure it is a failure. Chapter 13 Interfaces Table 62 Configuration > Network > Interface > PPP > Add (continued) LABEL DESCRIPTION Interface Parameters Egress...
User Guide
Page 303
... APN from the ISP's server. Idle timeout This value specifies the time in seconds (0~360) that you selected Device in the profile selection. APN Select Custom to configure your ISP instructed you want the cellular interface to manually input the APN (Access Point Name) provided by your service provider. Connections with a GSM or HSDPA 3G card. ZyWALL USG 2000 User's Guide 303 Chapter 13 Interfaces The following table describes...
User Guide
Page 305
... gateway. IP Address Assignment ZyWALL USG 2000 User's Guide 305 Check Method Select the method that domain name or IP address in the field next to wait for the interface. Check Timeout Enter the number of seconds to it into smaller fragments. Enter that the gateway allows. Check Port This field only displays when you can configure a policy route to the gateway the first time the gateway passes the connectivity check. Chapter 13 Interfaces Table 65 Configuration > Network > Interface > Cellular > Add...
User Guide
Page 314
... this to turn on this interface. Enter the maximum amount of traffic, in bytes, that was configured first. Usually, this to specify a domain name or IP address for the connectivity check. Check Timeout Enter the number of consecutive failures before the attempt is 1500. Check Fail Tolerance Enter the number of seconds to it is reserved for future use for the OPT, LAN and DMZ interfaces. 314 ZyWALL USG 2000 User's Guide Interface Parameters Egress...
User Guide
Page 392
... port this NAT rule supports a range of original destination ports this NAT rule supports one server supports more details. This field is available if Mapping Type is Port. For example, if you do not enable NAT loopback, this NAT rule forwards packets. Select to which translated destination IP address subnet or IP address range this NAT rule only applies to packets received on the rule's specified incoming interface. 392 ZyWALL USG 2000 User's Guide If you configure a NAT rule to forward traffic...
User Guide
Page 403
... LAN IP address A ZyWALL USG 2000 User's Guide 403 Examples would be on the ZyWALL's private networks. Likewise, configuring the application patrol to use custom port numbers for SIP traffic also configures SIP ALG to use policy routing to -peer SIP calls. Configure another policy route to have H.323 (or SIP) calls from the WAN zone to the LAN zone. • The SIP ALG allows UDP packets with Multiple Outgoing Calls When you configure the firewall and NAT...
User Guide
Page 494
... HTTPS connection to the ZyWALL to access and log into the network through the ZyWALL. If instructed by your network administrator, you how to access the login screen. Required Information A remote user needs the following information from the network administrator to log in and access network resources. • the domain name or IP address of 1.6. Example screens for more information. Chapter 27 SSL User Screens System Requirements Here are shown. 494 ZyWALL USG 2000 User's Guide...
User Guide
Page 674
... list. Link Status This tells whether the monitored interface's connection is inactive. If this ZyWALL is the master ZyWALL's (static) IP address and subnet mask for Secure FTP when synchronizing with the specified master ZyWALL. These fields are blank if the interface is set to the backup role, enter the port number to use this port number in the same subnet as the interface's IP address (the virtual router IP address). Server Address Every interface's management IP address must use active-passive mode device HA, the ZyWALL is enabled...
User Guide
Page 816
... IP addresses the access can be used to connect to the ZyWALL over SSH. 50.7.4 Configuring SSH Click Configuration > System > SSH to change your ZyWALL's Secure Shell settings. Chapter 50 System 2 Encryption Method Once the identification is verified, both the client and server must install an SSH client program on a client computer (Windows or Linux operating system) that is established between the client and the server. The SSH server is implemented on the type of encryption method to use. 3 Authentication...
User Guide
Page 933
... tried to add more than the maximum number of DNS has been appended. Set timezone to %s. %s is rule number ZyWALL USG 2000 User's Guide 933 Disable daylight saving. DNS access control rule %u has been inserted. Otherwise it An administrator changed the time zone back to the default (0). If this interface is unlink/disconnect or link/connect, this log will be reapplied due to Device HA status is Active DHCP's DNS option:%s has changed the console port baud rate...
User Guide
Page 1066
... phases 442 fragmentation 445 L2TP VPN 517 local network 441 local policy 449 manual key 448 NetBIOS 448 peer 441 1066 ZyWALL USG 2000 User's Guide Index and layer-3 virtualization 278 and NAT 391 and physical ports 96, 278 and policy routes 355 and static routes 359 and VPN gateways 444 and VRRP groups 677 and zones 96, 278 as DHCP relays 333 as DHCP servers 333, 784 auxiliary, see also auxiliary interface.
User Guide
Page 1072
... users 690 user attributes 703 RADIUS server troubleshooting 882 RDP 766 real-time alert message 965 Real-time Transport Protocol, see RTP RealVNC 766 reboot 42, 865 vs reset 865 record route 582 Reference Guide, CLI 3 registration 265 and content filtering 622, 624, 626 configuration overview 104 prerequisites 104 product 1054 subscription services, see subscription services registration status anti-virus 552 application patrol 532 IDP 566 ZyWALL USG 2000 User's Guide