User Guide
Page 5
...ZyWALL USG 2000 User's Guide 5 Please have the following information ready when you contact an office. • Product model and serial number. • Warranty Information. • Date that the information in operating systems, operating system versions, or if you received your device. About This User's Guide See http://www.zyxel....com/web/contact_us.php for your device. • Brief description of the problem and the steps you took to ensure that you installed updated firmware/software for contact information. Disclaimer Graphics in ...
User Guide
Page 28
... ...847 52.1.1 What You Can Do in this Chapter 847 52.1.2 What you Need to Know 847 52.2 The Configuration File Screen 850 52.3 The Firmware Package Screen 854 52.4 The Shell Script Screen 856 Chapter 53 Diagnostics...859 53.1 Overview ...859 53.1.1 What You Can Do in this Chapter 859... 55 Shutdown...867 55.1 Overview ...867 55.1.1 What You Need To Know 867 55.2 The Shutdown Screen ...867 Chapter 56 Troubleshooting...869 56.1 Resetting the ZyWALL ...886 56.2 Changing a Power Module 887 56.3 Getting More Troubleshooting Help 889 28 ZyWALL USG 2000 User's Guide
User Guide
Page 42
Not doing so can cause the firmware to its default values and then reboots. It does not turn off or remove the power. The ZyWALL powers up again) occurs when you use the Reboot button in the Reboot screen or when you turn on the power A cold... command before you turn off the power to the ZyWALL. Wait for the device to network resources. 42 ZyWALL USG 2000 User's Guide Table 3 Starting and Stopping the ZyWALL METHOD DESCRIPTION Turning on the power to the ZyWALL. The ZyWALL simply turns off. Rebooting the ZyWALL A warm start occurs when you use the reboot ...
User Guide
Page 58
...mail against DNS Black Lists. Filter Profile Create and manage the detailed filtering rules for use with ZyWALLs that already have device HA setup using a firmware version earlier than 2.10. AppPatrol General Enable or disable traffic management by application and see the status... HA global settings, and see registration and signature information. Object 58 ZyWALL USG 2000 User's Guide Common Manage traffic of each interface monitored by signature name or attributes and configure how the ZyWALL uses them. Signature Search for signatures by device HA. Content Filter ...
User Guide
Page 60
...firmware. Firmware Package View the current firmware version and to send. See Chapter 9 on page 209 for the ZyWALL. Table 7 Maintenance Menu Screens Summary FOLDER OR LINK TAB FUNCTION File Manager Configuration File Manage and upload configuration files for more information about the Dashboard screen. 60 ZyWALL USG 2000... e-mail logs, and remote syslog servers. 3.3.2.4 Maintenance Menu Use the maintenance menu screens to manage configuration and firmware files, run shell script files for an out of this document. Shell Script Manage and run diagnostics, and reboot or ...
User Guide
Page 101
... to route them and applies destination NAT. Even with the earlier 2.1x firmware's routing table. The checking flow is from the previous version. 6.4.2 Routing Table Checking Flow Enhancements When the ZyWALL receives packets it examines the packets and determines how to Override Direct Route... use an existing configuration file from top to the other checks, for an address in one of the ZyWALL's interfaces. Figure 65 Routing Table Checking Flow Enhancements 1 Direct-connected Subnets: The ZyWALL first checks to see Section 15.1 on to bottom. ZyWALL USG 2000 User's Guide 101
User Guide
Page 102
...traffic that did not match any earlier routing entries but the main routing table has been retained for backwards compatibility with the earlier 2.1x firmware's NAT table. The checking flow is from virtual server. See Chapter 15 on page 347 for dynamic IPSec rules up above the policy... interface or VPN tunnel. See Chapter 15 on page 390 for more. 4 Auto VPN Policy: The ZyWALL automatically creates these routing entries for more information. 6 Default WAN Trunk: For any of the sections, the 102 ZyWALL USG 2000 User's Guide See Section 19.2.1 on page 347 for the VPN rules.
User Guide
Page 117
Not doing so can cause the firmware to become corrupt. MENU ITEM(S) Maintenance > Shutdown ZyWALL USG 2000 User's Guide 117 Chapter 6 Configuration Basics Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the ZyWALL or remove the power.
User Guide
Page 212
... assigned to physical port 1, the second MAC address is displayed in one MAC address. Flash Usage This field displays what percentage of each interface. 212 ZyWALL USG 2000 User's Guide Click the Detail icon to go to open the screen where you to a chart of the... displays the version number and date of both VPN and UTM. Click the Show Active Sessions icon to identify the ZyWALL on . The SEM-DUAL provides the benefits of the firmware the ZyWALL is currently being used . The SEM-VPN provides 500 Mbps VPN throughput, 2,000 IPSec VPN tunnels, and 750 SSL VPN...
User Guide
Page 215
... PWR1 and PWR2. Source IP This is the current status of the license. The application of the configuration failed after firmware update - The ZyWALL was unable to apply the startup-config.conf configuration file and fell back to the system default configuration file (system-default...Fallback to system default configuration - Check the power module's connection or replace the module. Top 5 Viruses # This is the entry's rank in progress - ZyWALL USG 2000 User's Guide 215 Click the icon to pop-open a list of the users who are . See Section 9.2.6 on a single power module if one ...
User Guide
Page 272
... field displays the date and time the set that the ZyWALL is defined by Kaspersky. Current Version Upgrading the ZyWALL to firmware version 2.11 and updating the antivirus signatures automatically upgrades the ZyXEL anti-virus engine to signature update e-mail notifications. This field...Update > Anti-Virus to display the following fields display information on the current signature set was released. 272 ZyWALL USG 2000 User's Guide Go to https://mysecurity.zyxel.com/mysecurity/ to this number regularly. v2.0 has more virus signatures and offers improved nonexecutable file scan ...
User Guide
Page 552
... TCP port 143. Current Version Signature Number Released Date Update Signatures Apply Reset Upgrading the ZyWALL to firmware version 2.11 and updating the antivirus signatures automatically upgrades the ZyXEL anti-virus engine to its last-saved settings. 552 ZyWALL USG 2000 User's Guide v2.0 has more virus signatures and offers improved nonexecutable file scan throughput. This...
User Guide
Page 555
...while you download the firmware package. Click Cancel to exit this screen without saving your changes. Click the heading cell again to display the screen shown next. Figure 399 Configuration > Anti-X > Anti-Virus > Black/White List > Black List ZyWALL USG 2000 User's Guide 555 The ZyWALL cannot unzip password ...reverse the sort order. There are also limits to the number of virus file patterns. The ZyWALL classifies the firmware package as not being able to clear this option, the ZyWALL deletes ZIP files that use password encryption. Click OK to sort the table entries by that column...
User Guide
Page 597
Requests for Comments) and abnormal flows such as port scanning, sweeping or network flooding. ZyWALL USG 2000 User's Guide 597 It operates at OSI layer-2 and layer-3. This is in this Chapter • Use Anti-X > ADP > General (Section 35.2 on page .... • Use Anti-X > ADP > Profile (Section 35.3 on violations of protocol standards (RFCs - Traffic anomaly rules may be updated when you upload new firmware. ADP protects against abnormal behavior while IDP packet inspection signatures are in general effective for known attacks (see Chapter 34 on page 563 for information...
User Guide
Page 598
...can apply ADP profiles to traffic flowing from one zone to another. Base ADP Profiles Base ADP profiles are packets that you upload new firmware. Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP Decoder and ICMP Decoder. You can activate as a set of an ADP ... See Section 34.1.2 on page 563 for IDP-related term definitions. • See Section 35.4 on page 609 for more information. 598 ZyWALL USG 2000 User's Guide Chapter 35 ADP Protocol Anomalies Protocol anomalies are templates that do not comply with several base profiles. ADP Profile An ADP profile is...
User Guide
Page 605
...the final profile screen to complete the profile. 35.3.5 Protocol Anomaly Profiles Protocol anomaly is the action the ZyWALL should take the configured action. ZyWALL USG 2000 User's Guide 605 Cancel Click Cancel to return to the profile summary page without saving any changes. Click...) LABEL DESCRIPTION Name This is the name of detected flood packets per second that causes the ZyWALL to take when a packet matches a rule. Threshold For flood detection you upload new firmware. 35.3.6 Protocol Anomaly Configuration In the Configuration > Anti-X > ADP > Profile screen, click...
User Guide
Page 668
... for example). Legacy mode configuration involves a greater degree of the same model and firmware version can use the same device HA mode (either active-passive or legacy). You can synchronize. Synchronization Use synchronization to the same services. 668 ZyWALL USG 2000 User's Guide Active-passive mode is the master or a backup. Note: Subscribe to...
User Guide
Page 743
... an example. # This field displays the certificate index number. Name This field displays the name used to open the My Certificates screen. ZyWALL USG 2000 User's Guide 743 When the storage space is currently in -depth list of your certificates. Edit Double-click an entry or select it ...to open a screen that you want to remove it and click Edit to the screen where you take this screen. Uploading a new firmware or default configuration file does not delete your certificates unless you should consider deleting expired or unnecessary certificates before doing so. To remove an...
User Guide
Page 753
...was created when the PKCS #12 file was exported. When the storage space is signed by one when you specifically delete them. ZyWALL USG 2000 User's Guide 753 Table 213 Configuration > Object > Certificate > Trusted Certificates LABEL DESCRIPTION PKI Storage Space in this screen. Subsequent ...consider deleting expired or unnecessary certificates before doing so. This screen displays a summary list of these certificates. Uploading a new firmware or default configuration file does not delete your certificates unless you take this list as trusted. Cancel Click Cancel to quit ...
User Guide
Page 783
... SNMP screen (see Section 50.10 on page 823) to configure SNMP settings, including from which zones SNMP can be used to access the ZyWALL. ZyWALL USG 2000 User's Guide 783 You can also specify from which IP addresses the access can come. • Use the System > FTP screen (see ... the System > TELNET screen (see Chapter 52 on page 847 for more information about firmware and configuration files. • Your ZyWALL can come . CHAPTER 50 System 50.1 Overview Use the system screens to configure general ZyWALL settings. 50.1.1 What You Can Do in this Chapter • Use the System >...